CVE-2025-21230

Q: What is the severity of CVE-2025-21230?

CVE-2025-21230 has a CVSS score of 7.5 (HIGH). Microsoft Message Queuing (MSMQ) contains a vulnerability that allows attackers to cause a denial of service condition by sending specially crafted packets to affected systems. This affects Windows servers and workstations running MSMQ service. The vulnerability could lead to service disruption or system instability.

7.5 HIGH

Denial of Service

📋 TL;DR

Microsoft Message Queuing (MSMQ) contains a vulnerability that allows attackers to cause a denial of service condition by sending specially crafted packets to affected systems. This affects Windows servers and workstations running MSMQ service. The vulnerability could lead to service disruption or system instability.

💻 Affected Systems

Products:

Microsoft Message Queuing (MSMQ)

Versions: All supported versions of Windows with MSMQ enabled

Operating Systems: Windows Server 2019, Windows Server 2022, Windows 10, Windows 11

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if MSMQ service is installed and running. MSMQ is not installed by default on most Windows systems.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage of MSMQ functionality, potentially affecting dependent applications and requiring system restart to recover.

🟠

Likely Case

Temporary service disruption affecting message processing and application communication that relies on MSMQ.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring in place to detect and block attack attempts.

🌐 Internet-Facing: MEDIUM - MSMQ services exposed to internet could be targeted by DoS attacks, but requires specific port access.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this to disrupt business-critical messaging services.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Attack requires network access to MSMQ service port (typically TCP 1801). No authentication needed to trigger the DoS condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply latest Windows security updates from Microsoft

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21230

Restart Required: Yes

Instructions:

1. Apply Windows security updates from Microsoft Update or WSUS. 2. Restart affected systems to complete installation. 3. Verify MSMQ service is functioning properly after restart.

🔧 Temporary Workarounds

Disable MSMQ Service

Windows

Stop and disable MSMQ service if not required for business operations

Stop-Service -Name MSMQ
Set-Service -Name MSMQ -StartupType Disabled

Block MSMQ Ports

Windows

Block network access to MSMQ ports using firewall rules

New-NetFirewallRule -DisplayName "Block MSMQ" -Direction Inbound -LocalPort 1801 -Protocol TCP -Action Block

🧯 If You Can't Patch

Implement strict network segmentation to limit access to MSMQ services
Deploy network monitoring and intrusion detection for MSMQ traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check if MSMQ service is installed and running: Get-Service MSMQ | Select Status, StartType

Check Version:

Get-WmiObject -Class Win32_Service -Filter "Name='MSMQ'" | Select Name, State, StartMode

Verify Fix Applied:

Verify Windows Update history for MSMQ-related patches and confirm MSMQ service version

📡 Detection & Monitoring

Log Indicators:

Event ID 5000 in Application log indicating MSMQ service failure
High volume of connection attempts to port 1801

Network Indicators:

Unusual traffic patterns to MSMQ port 1801
Multiple connection resets or timeouts

SIEM Query:

source="windows" AND (event_id=5000 OR service="MSMQ") AND (status="stopped" OR error="access denied")

📊 Metadata

CVE ID: CVE-2025-21230

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-20

EPSS Score: 3.32% exploit probability (87th percentile)

Published: January 14, 2025

Last Updated: January 27, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21230 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft