CVE-2025-21270

Q: What is the severity of CVE-2025-21270?

CVE-2025-21270 has a CVSS score of 7.5 (HIGH). Microsoft Message Queuing (MSMQ) contains a denial-of-service vulnerability that allows attackers to crash the service by sending specially crafted packets. This affects systems running MSMQ on supported Windows versions. The vulnerability requires network access to the MSMQ service.

7.5 HIGH

Denial of Service

📋 TL;DR

Microsoft Message Queuing (MSMQ) contains a denial-of-service vulnerability that allows attackers to crash the service by sending specially crafted packets. This affects systems running MSMQ on supported Windows versions. The vulnerability requires network access to the MSMQ service.

💻 Affected Systems

Products:

Microsoft Message Queuing (MSMQ)

Versions: All supported Windows versions with MSMQ enabled

Operating Systems: Windows Server 2019, Windows Server 2022, Windows 10, Windows 11

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if MSMQ component is installed and enabled. Not installed by default on most Windows systems.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete unavailability of MSMQ service, disrupting dependent applications and business processes that rely on message queuing functionality.

🟠

Likely Case

Temporary service disruption requiring manual restart of MSMQ service, causing application timeouts and degraded performance.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring allowing quick detection and service restoration.

🌐 Internet-Facing: MEDIUM - MSMQ services exposed to internet could be targeted by automated scanning tools, but requires specific port access.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could disrupt critical business applications relying on MSMQ.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires network access to MSMQ service port (typically TCP 1801). No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest Windows security updates for affected OS versions

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21270

Restart Required: Yes

Instructions:

1. Apply latest Windows security updates from Microsoft Update. 2. Restart affected systems. 3. Verify MSMQ service is running normally.

🔧 Temporary Workarounds

Disable MSMQ Service

Windows

Stop and disable MSMQ service if not required for business operations

sc stop MSMQ
sc config MSMQ start= disabled

Block MSMQ Ports

Windows

Block network access to MSMQ ports using firewall rules

netsh advfirewall firewall add rule name="Block MSMQ" dir=in action=block protocol=TCP localport=1801

🧯 If You Can't Patch

Implement strict network segmentation to limit MSMQ access to trusted systems only
Monitor MSMQ service health and implement automated restart procedures for service crashes

🔍 How to Verify

Check if Vulnerable:

Check if MSMQ service is installed and running: Get-Service MSMQ (PowerShell) or sc query MSMQ (CMD)

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify Windows Update history contains the latest security updates and MSMQ service remains stable under normal load

📡 Detection & Monitoring

Log Indicators:

MSMQ service crash events in Windows System logs (Event ID 7031, 7034)
Unexpected MSMQ service restarts

Network Indicators:

Unusual traffic patterns to MSMQ port 1801
Multiple connection attempts from single sources

SIEM Query:

EventID=7031 OR EventID=7034 AND ServiceName="MSMQ"

📊 Metadata

CVE ID: CVE-2025-21270

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

EPSS Score: 3.32% exploit probability (87th percentile)

Published: January 14, 2025

Last Updated: January 27, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21270 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft