CVE-2025-21351
Published 2025-02-11
CVE-2025-21351: Windows Active Directory Domain Services API Denial of Service Vulnerability
Priority P338 · high · 7.5 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 2.07% (79.0th percentile)
Windows Active Directory Domain Services API Denial of Service Vulnerability
Affected
36 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1607 | < 10.0.14393.7785 | 10.0.14393.7785 |
| microsoft | windows_10_1809 | < 10.0.17763.6893 | 10.0.17763.6893 |
| microsoft | windows_10_21h2 | < 10.0.19044.5487 | 10.0.19044.5487 |
| microsoft | windows_10_22h2 | < 10.0.19045.5487 | 10.0.19045.5487 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.7785 | 10.0.14393.7785 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6893 | 10.0.17763.6893 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.5487 | 10.0.19044.5487 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5487 | 10.0.19045.5487 |
| microsoft | windows_11_22h2 | < 10.0.22621.4890 | 10.0.22621.4890 |
| microsoft | windows_11_23h2 | < 10.0.22631.4890 | 10.0.22631.4890 |
| microsoft | windows_11_24h2 | < 10.0.26100.3194 | 10.0.26100.3194 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4890 | 10.0.22621.4890 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4890 | 10.0.22631.4890 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4890 | 10.0.22631.4890 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.3194 | 10.0.26100.3194 |
| microsoft | windows_server_2016 | < 10.0.14393.7785 | 10.0.14393.7785 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7785 | 10.0.14393.7785 |
| microsoft | windows_server_2019 | < 10.0.17763.6893 | 10.0.17763.6893 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.6893 | 10.0.17763.6893 |
| microsoft | windows_server_2022 | < 10.0.20348.3207 | 10.0.20348.3207 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.3207 | 10.0.20348.3207 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1425 | 10.0.25398.1425 |
| microsoft | windows_server_2025 | < 10.0.26100.3194 | 10.0.26100.3194 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.3194 | 10.0.26100.3194 |
| msrc | windows_10_version_1607 | — | — |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_msrc · 7.5 · HIGH
GHSA
GHSA-xh69-9jx5-xgph: Windows Active Directory Domain Services API Denial of Service Vulnerability
ghsa_unreviewed·2025-02-11
CVE-2025-21351 [HIGH] CWE-400 GHSA-xh69-9jx5-xgph: Windows Active Directory Domain Services API Denial of Service Vulnerability
Microsoft
Windows Active Directory Domain Services API Denial of Service Vulnerability
vendor_msrc·2025-02-11·CVSS 7.5
CVE-2025-21351 [HIGH] CWE-400 Windows Active Directory Domain Services API Denial of Service Vulnerability
Active Directory Domain Services: Active Directory Domain Services
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
Reference: https://support.microsoft.com/help/5052000
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
Reference: https://support.microsoft.com/help/5051979
Reference: https://support.microsoft.com/help/5052106
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
Reference: https://support.microsoft.com/help/5051974
No detection rules found.
No public exploits indexed.
Published: 2025-02-11