CVE-2025-21367
published 2025-02-11CVE-2025-21367: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
PriorityP341high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.57%
42.6th percentile
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.6893 | 10.0.17763.6893 |
| microsoft | windows_10_21h2 | < 10.0.19044.5487 | 10.0.19044.5487 |
| microsoft | windows_10_22h2 | < 10.0.19045.5487 | 10.0.19045.5487 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6893 | 10.0.17763.6893 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.5487 | 10.0.19044.5487 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5487 | 10.0.19045.5487 |
| microsoft | windows_11_22h2 | < 10.0.22621.4890 | 10.0.22621.4890 |
| microsoft | windows_11_23h2 | < 10.0.22631.4890 | 10.0.22631.4890 |
| microsoft | windows_11_24h2 | < 10.0.26100.3194 | 10.0.26100.3194 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4890 | 10.0.22621.4890 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4890 | 10.0.22631.4890 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4890 | 10.0.22631.4890 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.3194 | 10.0.26100.3194 |
| microsoft | windows_server_2019 | < 10.0.17763.6893 | 10.0.17763.6893 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.6893 | 10.0.17763.6893 |
| microsoft | windows_server_2022 | < 10.0.20348.3207 | 10.0.20348.3207 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.3207 | 10.0.20348.3207 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1425 | 10.0.25398.1425 |
| microsoft | windows_server_2025 | < 10.0.26100.3194 | 10.0.26100.3194 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.3194 | 10.0.26100.3194 |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
vendor_msrc·2025-02-11·CVSS 7.8
CVE-2025-21367 [HIGH] CWE-416 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Win32 Kernel Subsystem: Windows Win32 Kernel Subsystem
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
Reference: https://support.microsoft.com/help/5052000
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
Reference: https://support.microsoft.com/help/5051979
Reference: https://su
GHSA
GHSA-r7mf-p426-hpwr: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
ghsa_unreviewed·2025-02-11
CVE-2025-21367 [HIGH] CWE-416 GHSA-r7mf-p426-hpwr: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
No detection rules found.
No public exploits indexed.
Qualys
Microsoft and Adobe Patch Tuesday, February 2025 Security Update Review
blogs_qualys·2025-02-11
Microsoft and Adobe Patch Tuesday, February 2025 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for February 2025
Adobe Patches for February 2025
Zero-day Vulnerabilities Patched in February Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in February Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response withPatch Management (PM)
Qualys Monthly Webinar Series
As the second Patch Tuesday of 2025 arrives, Microsoft has released crucial updates to strengthen cybersecurity defenses. Let’s explore the highlights and what they mean for users.
## Microsoft Patch Tuesday for February 2025
Microsoft Patch’s Tuesday, February 2025 edition addressed 67 vulnerabilities, including t
Qualys
Microsoft and Adobe Patch Tuesday, February 2025 Security Update Review | Qualys
blogs_qualys·2025-02-11
Microsoft and Adobe Patch Tuesday, February 2025 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for February 2025
- Adobe Patches for February 2025
- Zero-day Vulnerabilities Patched in February Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in February Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response withPatch Management (PM)
- Qualys Monthly Webinar Series
As the second Patch Tuesday of 2025 arrives, Microsoft has released crucial updates to strengthen cybersecurity defenses. Let’s explore the highlights and what they mean for users.
## Microsoft Patch Tuesday for February 2025
Microsoft Patch’s Tuesday, February 2025 edition addressed 67 vulnerabilities,
Bleepingcomputer
Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws
blogs_bleepingcomputer·2025-02-11·CVSS 7.1
[HIGH] Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws
## Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws
## Lawrence Abrams
19 Elevation of Privilege Vulnerabilities
2 Security Feature Bypass Vulnerabilities
22 Remote Code Execution Vulnerabilities
1 Information Disclosure Vulnerabilities
9 Denial of Service Vulnerabilities
3 Spoofing Vulnerabilities
The above numbers do not include a critical Microsoft Dynamics 365 Sales elevation of privileges flaw and 10 Microsoft Edge vulnerabilities fixed on February 6.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5051987 & KB5051989 cumulative updates and the Windows 10 KB5051974 update .
## Two actively exploited zero-day disclosed
This month's Patch Tuesday fixes two actively exploited and two public
2025-02-11
Published