CVE-2025-21325
published 2025-01-17CVE-2025-21325: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
PriorityP341high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.43%
34.4th percentile
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_21h2 | < 10.0.19044.5371 | 10.0.19044.5371 |
| microsoft | windows_10_22h2 | < 10.0.19045.5371 | 10.0.19045.5371 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.5371 | 10.0.19044.5371 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5371 | 10.0.19045.5371 |
| microsoft | windows_11_22h2 | < 10.0.22621.4751 | 10.0.22621.4751 |
| microsoft | windows_11_23h2 | < 10.0.22631.4751 | 10.0.22631.4751 |
| microsoft | windows_11_24h2 | < 10.0.26100.2894 | 10.0.26100.2894 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4751 | 10.0.22621.4751 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4751 | 10.0.22631.4751 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4751 | 10.0.22631.4751 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.2894 | 10.0.26100.2894 |
| microsoft | windows_server_2025 | < 10.0.26100.2894 | 10.0.26100.2894 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.2894 | 10.0.26100.2894 |
| msrc | windows_10_version_21h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_21h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_x64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
vendor_msrc·2025-01-14·CVSS 7.8
CVE-2025-21325 [HIGH] CWE-732 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
FAQ: What architecture(s) are impacted by this vulnerability?
This vulnerability impacts ARM64 only.
FAQ: How could an attacker exploit this vulnerability and what privileges could an attacker gain?
An authenticated attacker could escalate privileges to Secure Kernel by overwriting the page table data meant for the kernel.
Windows Secure Kernel Mode: Windows Secure Kernel Mode
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5049981
Reference: https://support.microsoft.com/help/5049981
Reference: https://catalog.upd
GHSA
GHSA-whvm-p394-24wc: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
ghsa_unreviewed·2025-01-17
CVE-2025-21325 [HIGH] CWE-732 GHSA-whvm-p394-24wc: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-01-17
Published