CVE-2025-21350

Q: What is the severity of CVE-2025-21350?

CVE-2025-21350 has a CVSS score of 5.9 (MEDIUM). This Windows Kerberos vulnerability allows attackers to cause a denial of service by sending specially crafted requests to affected systems. It affects Windows servers and workstations using Kerberos authentication. The vulnerability could cause system instability or service disruption.

5.9 MEDIUM

Denial of Service

📋 TL;DR

This Windows Kerberos vulnerability allows attackers to cause a denial of service by sending specially crafted requests to affected systems. It affects Windows servers and workstations using Kerberos authentication. The vulnerability could cause system instability or service disruption.

💻 Affected Systems

Products:

Windows Server
Windows Client

Versions: Specific versions to be confirmed via Microsoft advisory

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with Kerberos authentication enabled; domain controllers and member servers likely affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash or service unavailability requiring reboot, potentially disrupting authentication services across the domain.

🟠

Likely Case

Temporary service disruption affecting Kerberos authentication, causing login failures or service interruptions until system recovers.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring; authentication failures logged but services remain available.

🌐 Internet-Facing: LOW - Kerberos services typically not exposed directly to internet; requires internal network access.

🏢 Internal Only: MEDIUM - Internal attackers could disrupt authentication services affecting domain operations.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to send crafted Kerberos packets to vulnerable systems; likely requires some authentication or network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: To be determined from Microsoft's monthly security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21350

Restart Required: Yes

Instructions:

1. Check Microsoft Security Update Guide for CVE-2025-21350. 2. Download appropriate security update for your Windows version. 3. Install update following Microsoft's guidance. 4. Restart affected systems as required.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to Kerberos ports (TCP/UDP 88) to trusted systems only

Configure firewall rules to limit Kerberos traffic to authorized hosts

Monitoring and Alerting

all

Implement monitoring for unusual Kerberos traffic patterns

Set up alerts for abnormal Kerberos request volumes or error rates

🧯 If You Can't Patch

Implement strict network access controls to Kerberos services
Monitor Kerberos service health and implement rapid response procedures for service disruptions

🔍 How to Verify

Check if Vulnerable:

Check Windows version and compare against Microsoft's affected versions list for CVE-2025-21350

Check Version:

wmic os get caption, version, buildnumber

Verify Fix Applied:

Verify Windows Update history shows the security patch installed and system version matches patched version

📡 Detection & Monitoring

Log Indicators:

Unusual Kerberos error events in Windows Security logs
Multiple Kerberos authentication failures
System event logs showing service crashes

Network Indicators:

Abnormal volume of Kerberos requests to single host
Unusual Kerberos packet sizes or malformed requests

SIEM Query:

EventID=4625 OR EventID=4771 | where TargetUserName contains "$@" | stats count by src_ip

📊 Metadata

CVE ID: CVE-2025-21350

CVSS v3 Score: 5.9 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-20

EPSS Score: 0.63% exploit probability (69.7th percentile)

Published: February 11, 2025

Last Updated: February 28, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21350 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

Windows Server 2025 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Monitoring and Alerting

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities