CVE-2025-21254
published 2025-02-11CVE-2025-21254: Internet Connection Sharing (ICS) Denial of Service Vulnerability
PriorityP422medium6.5CVSS 3.1
AVAACLPRNUINSUCNINAH
EPSS
0.88%
54.4th percentile
Internet Connection Sharing (ICS) Denial of Service Vulnerability
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1607 | < 10.0.14393.7785 | 10.0.14393.7785 |
| microsoft | windows_10_1809 | < 10.0.17763.6893 | 10.0.17763.6893 |
| microsoft | windows_10_21h2 | < 10.0.19044.5487 | 10.0.19044.5487 |
| microsoft | windows_10_22h2 | < 10.0.19045.5487 | 10.0.19045.5487 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.7785 | 10.0.14393.7785 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6893 | 10.0.17763.6893 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.5487 | 10.0.19044.5487 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5487 | 10.0.19045.5487 |
| microsoft | windows_11_22h2 | < 10.0.22621.4890 | 10.0.22621.4890 |
| microsoft | windows_11_23h2 | < 10.0.22631.4890 | 10.0.22631.4890 |
| microsoft | windows_11_24h2 | < 10.0.26100.3194 | 10.0.26100.3194 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4890 | 10.0.22621.4890 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4890 | 10.0.22631.4890 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4890 | 10.0.22631.4890 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.3194 | 10.0.26100.3194 |
| microsoft | windows_server_2016 | < 10.0.14393.7785 | 10.0.14393.7785 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7785 | 10.0.14393.7785 |
| microsoft | windows_server_2019 | < 10.0.17763.6893 | 10.0.17763.6893 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.6893 | 10.0.17763.6893 |
| microsoft | windows_server_2022 | < 10.0.20348.3207 | 10.0.20348.3207 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.3207 | 10.0.20348.3207 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1425 | 10.0.25398.1425 |
| microsoft | windows_server_2025 | < 10.0.26100.3194 | 10.0.26100.3194 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.3194 | 10.0.26100.3194 |
| msrc | windows_10_version_1607 | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_msrc6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hrr3-x5rf-qxxj: Internet Connection Sharing (ICS) Denial of Service Vulnerability
ghsa_unreviewed·2025-02-11
CVE-2025-21254 [MEDIUM] CWE-125 GHSA-hrr3-x5rf-qxxj: Internet Connection Sharing (ICS) Denial of Service Vulnerability
Internet Connection Sharing (ICS) Denial of Service Vulnerability
Microsoft
Internet Connection Sharing (ICS) Denial of Service Vulnerability
vendor_msrc·2025-02-11·CVSS 6.5
CVE-2025-21254 [MEDIUM] CWE-125 Internet Connection Sharing (ICS) Denial of Service Vulnerability
Internet Connection Sharing (ICS) Denial of Service Vulnerability
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?
An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).
Windows Internet Connection Sharing (ICS): Windows Internet Connection Sharing (ICS)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
Reference: https://support.microsoft.com/help/5052000
Reference: https://cat
No detection rules found.
No public exploits indexed.
2025-02-11
Published