CVE-2025-21272

Q: What is the severity of CVE-2025-21272?

CVE-2025-21272 has a CVSS score of 6.5 (MEDIUM). This vulnerability in Windows COM Server allows attackers to read sensitive information from memory without proper authorization. It affects Windows systems with COM components enabled, potentially exposing credentials or system data to local attackers.

6.5 MEDIUM

📋 TL;DR

This vulnerability in Windows COM Server allows attackers to read sensitive information from memory without proper authorization. It affects Windows systems with COM components enabled, potentially exposing credentials or system data to local attackers.

💻 Affected Systems

Products:

Windows COM Server

Versions: Specific Windows versions as per Microsoft advisory

Operating Systems: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: Requires COM components to be enabled and accessible to local users.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could extract sensitive information like credentials, encryption keys, or system configuration data from memory, leading to privilege escalation or lateral movement.

🟠

Likely Case

Local attackers reading limited memory contents to gather system information or partial credential data for further attacks.

🟢

If Mitigated

Minimal impact with proper access controls and monitoring in place.

🌐 Internet-Facing: LOW - This is primarily a local attack vector requiring access to the system.

🏢 Internal Only: MEDIUM - Internal attackers with local access could exploit this to gather sensitive information.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and knowledge of COM interfaces. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21272

Restart Required: Yes

Instructions:

1. Open Windows Update Settings
2. Check for updates
3. Install all security updates
4. Restart system when prompted

🔧 Temporary Workarounds

Restrict COM Access

windows

Limit COM component access through DCOM configuration and permissions

dcomcnfg

Enable Windows Defender Exploit Protection

windows

Use exploit protection to harden COM components

🧯 If You Can't Patch

Implement strict access controls and least privilege for local users
Monitor COM server access and memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for missing security patches related to COM components

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify KB patch is installed via 'wmic qfe list' or Windows Update history

📡 Detection & Monitoring

Log Indicators:

Unusual COM server access patterns
Multiple failed COM object creation attempts
Processes accessing COM interfaces with unusual parameters

Network Indicators:

Local RPC/DCOM traffic patterns (though primarily local)

SIEM Query:

EventID=4688 OR EventID=4689 with COM-related process names

📊 Metadata

CVE ID: CVE-2025-21272

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE: CWE-908

EPSS Score: 0.19% exploit probability (40.5th percentile)

Published: January 14, 2025

Last Updated: January 27, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21272 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft