CVE-2025-21343Improper Privilege Management in Microsoft Windows 11 Version 22h2

CWE-269Improper Privilege Management4 documents4 sources
Severity
7.5HIGHNVD
EPSS
5.4%
top 9.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Microsoft Windows 11 Version 22h2Microsoft Windows 11 Version 22h3Microsoft Windows 11 Version 23h2+10 more
Timeline
PublishedJan 14

Description

Windows Web Threat Defense User Service Information Disclosure Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages13 packages

NVDmicrosoft/windows_11_22h2< 10.0.22621.4751
NVDmicrosoft/windows_11_23h2< 10.0.22631.4751
NVDmicrosoft/windows_11_24h2< 10.0.26100.2894
CVEListV5microsoft/windows_11_version_22h210.0.22621.010.0.22621.4751
CVEListV5microsoft/windows_11_version_22h310.0.22631.010.0.22631.4751

Patches

Patch: msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-rrm6-257m-2hgw: Windows Web Threat Defense User Service Information Disclosure Vulnerability2025-01-14

📋Vendor Advisories

1
Microsoft
Windows Web Threat Defense User Service Information Disclosure Vulnerability2025-01-14

🕵️Threat Intelligence

1
Bleepingcomputer
Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws2025-01-14
CVE-2025-21343 — Improper Privilege Management | cvebase