Login Sign Up

CVE-2025-21301

6.5 MEDIUM

📋 TL;DR

This vulnerability in Windows Geolocation Service allows unauthorized access to location information without proper permissions. It affects Windows systems where the geolocation service is enabled, potentially exposing sensitive location data to local attackers.

💻 Affected Systems

Products:
  • Windows Geolocation Service
Versions: Windows 10, Windows 11, and Windows Server versions with geolocation capabilities
Operating Systems: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where geolocation services are enabled and being used by applications.

📦 What is this software?

Windows 10 1507 by Microsoft

View all CVEs affecting Windows 10 1507 →

Windows 10 1507 by Microsoft

View all CVEs affecting Windows 10 1507 →

Windows 10 1607 by Microsoft

View all CVEs affecting Windows 10 1607 →

Windows 10 1607 by Microsoft

View all CVEs affecting Windows 10 1607 →

Windows 10 1809 by Microsoft

View all CVEs affecting Windows 10 1809 →

Windows 10 1809 by Microsoft

View all CVEs affecting Windows 10 1809 →

Windows 10 21h2 by Microsoft

View all CVEs affecting Windows 10 21h2 →

Windows 10 22h2 by Microsoft

View all CVEs affecting Windows 10 22h2 →

Windows 11 22h2 by Microsoft

View all CVEs affecting Windows 11 22h2 →

Windows 11 23h2 by Microsoft

View all CVEs affecting Windows 11 23h2 →

Windows 11 24h2 by Microsoft

View all CVEs affecting Windows 11 24h2 →

Windows Server 2016 by Microsoft

View all CVEs affecting Windows Server 2016 →

Windows Server 2019 by Microsoft

View all CVEs affecting Windows Server 2019 →

Windows Server 2022 by Microsoft

View all CVEs affecting Windows Server 2022 →

Windows Server 2022 23h2 by Microsoft

View all CVEs affecting Windows Server 2022 23h2 →

Windows Server 2025 by Microsoft

View all CVEs affecting Windows Server 2025 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could obtain precise location data of users or devices, enabling physical tracking, surveillance, or targeted attacks based on location patterns.

🟠

Likely Case

Local attackers or malicious applications could access location information they shouldn't have permission to view, violating user privacy.

🟢

If Mitigated

With proper access controls and service restrictions, the impact is limited to information disclosure with no system compromise.

🌐 Internet-Facing: LOW - This is primarily a local information disclosure vulnerability requiring local access or malicious application execution.
🏢 Internal Only: MEDIUM - Internal attackers or compromised applications could exploit this to gather location intelligence on users within the organization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or ability to execute code on the target system. Exploitation likely involves API manipulation or permission bypass.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21301

Restart Required: Yes

Instructions:

1. Open Windows Update Settings. 2. Check for updates. 3. Install all available security updates. 4. Restart the system when prompted.

🔧 Temporary Workarounds

Disable Geolocation Service

windows

Turn off Windows location services to prevent information disclosure

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" /v "Value" /t REG_SZ /d "Deny" /f

Restrict Location Permissions

windows

Configure location permissions to only allow trusted applications

Start > Settings > Privacy & security > Location > Turn off location services or manage app permissions

🧯 If You Can't Patch

  • Implement strict application control policies to prevent unauthorized applications from accessing location APIs
  • Use network segmentation to isolate systems with sensitive location requirements

🔍 How to Verify

Check if Vulnerable:

Check Windows version and installed updates via winver command or systeminfo

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify the latest security updates are installed and check that location services are properly restricted

📡 Detection & Monitoring

Log Indicators:

  • Unusual location API calls
  • Multiple failed permission requests to location services
  • Applications requesting location data without proper user consent

Network Indicators:

  • Unexpected geolocation API traffic
  • Location data being transmitted to unexpected endpoints

SIEM Query:

EventID=4688 AND (ProcessName LIKE '%location%' OR CommandLine LIKE '%geolocation%') AND NOT UserName IN (trusted_users)

📊 Metadata

CVE ID: CVE-2025-21301
CVSS v3 Score: 6.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-284
EPSS Score: 0.55% exploit probability (67.3th percentile)
Published: January 14, 2025
Last Updated: January 24, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-21301, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)