CVE-2025-21174 – This vulnerability in Windows Standards-Based S... (How to Fix)

Q: What is the severity of CVE-2025-21174?

CVE-2025-21174 has a CVSS score of 7.5 (HIGH). This vulnerability in Windows Standards-Based Storage Management Service allows unauthorized attackers to cause denial of service by consuming system resources over a network. It affects Windows systems with this service enabled, potentially disrupting storage management functionality.

📋 TL;DR

This vulnerability in Windows Standards-Based Storage Management Service allows unauthorized attackers to cause denial of service by consuming system resources over a network. It affects Windows systems with this service enabled, potentially disrupting storage management functionality.

💻 Affected Systems

Products:

Windows Standards-Based Storage Management Service

Versions: Specific Windows versions as listed in Microsoft advisory

Operating Systems: Windows Server, Windows Client versions with affected service

Default Config Vulnerable: ⚠️ Yes

Notes: Requires the Standards-Based Storage Management Service to be running and accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service for storage management operations, potentially affecting dependent applications and services.

🟠

Likely Case

Degraded performance or temporary unavailability of storage management services.

🟢

If Mitigated

Minimal impact with proper network segmentation and resource monitoring.

🌐 Internet-Facing: MEDIUM - Requires network access to vulnerable service, but service may not be internet-facing by default.

🏢 Internal Only: HIGH - Internal attackers or compromised systems could exploit this to disrupt storage management.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

CWE-400 vulnerabilities typically involve simple resource exhaustion attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update for specific KB number

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21174

Restart Required: Yes

Instructions:

1. Apply latest Windows security updates from Microsoft. 2. Restart affected systems. 3. Verify service is updated.

🔧 Temporary Workarounds

Restrict Network Access

windows

Limit network access to Standards-Based Storage Management Service using firewall rules

New-NetFirewallRule -DisplayName "Block SMB Storage Mgmt" -Direction Inbound -Protocol TCP -LocalPort 5985,5986 -Action Block

Disable Service if Not Needed

windows

Disable the Standards-Based Storage Management Service if not required

Stop-Service -Name WinRM
Set-Service -Name WinRM -StartupType Disabled

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected systems
Monitor for abnormal resource consumption patterns and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Check if Standards-Based Storage Management Service is running and accessible on network

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify Windows Update history contains the relevant security patch and service is restarted

📡 Detection & Monitoring

Log Indicators:

Unusual resource consumption in System logs
Multiple failed connection attempts to storage service

Network Indicators:

High volume of requests to Standards-Based Storage Management Service ports
Abnormal traffic patterns to port 5985/5986

SIEM Query:

source="windows" AND (event_id=4625 OR event_id=4688) AND process_name="*WinRM*" | stats count by src_ip

📊 Metadata

CVE ID: CVE-2025-21174

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

EPSS Score: 37.89% exploit probability (97.1th percentile)

Published: April 8, 2025

Last Updated: July 8, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21174 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-21174, you might also want to check these: