CVE-2025-21368

8.8 HIGH

📋 TL;DR

This vulnerability in Microsoft Digest Authentication allows remote code execution on affected systems. It affects systems that use Microsoft Digest Authentication, primarily Windows servers and applications configured with this authentication method. In certain configurations, attackers can exploit it without user interaction.

💻 Affected Systems

Products:
  • Windows Server
  • Windows
  • Microsoft applications using Digest Authentication
Versions: Specific versions to be confirmed via Microsoft advisory
Operating Systems: Windows Server, Windows
Default Config Vulnerable: ✅ No
Notes: Requires Digest Authentication to be enabled and configured. Not all Windows systems use this authentication method by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing an attacker to install malware, steal data, pivot to other systems, and maintain persistent access.

🟠 Likely Case

Initial foothold leading to privilege escalation, lateral movement within the network, and data exfiltration.

🟢 If Mitigated

Limited impact, because network segmentation, strong authentication controls, and monitoring prevent successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of Digest Authentication protocol and ability to craft malicious authentication requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: To be determined from Microsoft's monthly security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21368

Restart Required: Yes

Instructions:

1. Apply the latest Windows security updates from Microsoft.
2. Restart affected systems.
3. Verify patch installation via Windows Update history.

🔧 Temporary Workarounds

Disable Digest Authentication

Platform: Windows

Disable Microsoft Digest Authentication if it is not required for business operations. Disable it via Group Policy or registry settings on affected systems.

Network Segmentation

Platform: all

Restrict access to systems using Digest Authentication to trusted networks only.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Enable enhanced logging and monitoring for Digest Authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check whether Digest Authentication is enabled on Windows systems via the registry or security policies.

Check Version:

wmic os get caption,version,buildnumber

Verify Fix Applied:

Verify that Windows Update history shows the relevant security patch installed.

📡 Detection & Monitoring

Log Indicators:

  • Failed Digest Authentication attempts
  • Unusual authentication patterns
  • Process creation from authentication services

Network Indicators:

  • Malformed Digest Authentication requests
  • Unusual traffic to authentication endpoints

SIEM Query:

source="windows-security" AND event_id IN (4625, 4648) AND authentication_package="Digest"
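The SIEM query above only lists matching events; the log indicator "unusual authentication patterns" needs a per-source count over a time window. The following is an added example (not part of the original page) that runs that logic over constructed, SIEM-style JSON records of events 4625 and 4648; the field names (`time`, `event_id`, `authentication_package`, `ip`, `user`) are assumed normalised SIEM fields, not Microsoft's raw event schema.

```python
"""Flag bursts of failed/explicit-credential Digest Authentication events per source."""
from collections import defaultdict
from datetime import datetime, timedelta

DIGEST_EVENT_IDS = {4625, 4648}     # 4625 = failed logon, 4648 = logon with explicit credentials
DEFAULT_THRESHOLD = 3               # events from one source inside the window before alerting
DEFAULT_WINDOW = timedelta(minutes=5)

# Constructed sample records (not real telemetry); field names are an assumed SIEM schema.
SAMPLE_EVENTS = [
    {"time": "2025-01-14T10:00:05", "event_id": 4625, "authentication_package": "Digest", "ip": "203.0.113.7", "user": "svc_web"},
    {"time": "2025-01-14T10:00:40", "event_id": 4625, "authentication_package": "Digest", "ip": "203.0.113.7", "user": "svc_web"},
    {"time": "2025-01-14T10:01:10", "event_id": 4625, "authentication_package": "WDigest", "ip": "203.0.113.7", "user": "admin"},
    {"time": "2025-01-14T10:02:00", "event_id": 4648, "authentication_package": "Digest", "ip": "203.0.113.7", "user": "admin"},
    {"time": "2025-01-14T10:03:00", "event_id": 4625, "authentication_package": "Digest", "ip": "198.51.100.9", "user": "alice"},
    {"time": "2025-01-14T10:03:30", "event_id": 4625, "authentication_package": "Kerberos", "ip": "192.0.2.20", "user": "bob"},
    {"time": "2025-01-14T10:03:40", "event_id": 4625, "authentication_package": "Kerberos", "ip": "192.0.2.20", "user": "bob"},
    {"time": "2025-01-14T10:03:50", "event_id": 4625, "authentication_package": "Kerberos", "ip": "192.0.2.20", "user": "bob"},
    {"time": "2025-01-14T09:00:00", "event_id": 4648, "authentication_package": "Digest", "ip": "203.0.113.8", "user": "carol"},
    {"time": "2025-01-14T09:30:00", "event_id": 4648, "authentication_package": "Digest", "ip": "203.0.113.8", "user": "carol"},
]


def is_digest_auth_event(event):
    """True for event IDs 4625/4648 whose package is Digest (accepts the 'WDigest' SSP name too)."""
    package = event.get("authentication_package", "").lower()
    return event.get("event_id") in DIGEST_EVENT_IDS and package in ("digest", "wdigest")


def find_digest_bursts(events, threshold=DEFAULT_THRESHOLD, window=DEFAULT_WINDOW):
    """Return {source_ip: peak_count} for sources with >= threshold Digest events in any window."""
    times_by_ip = defaultdict(list)
    for event in events:
        if is_digest_auth_event(event):
            times_by_ip[event["ip"]].append(datetime.fromisoformat(event["time"]))
    alerts = {}
    for ip, times in times_by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            hits = end - start + 1
            if hits >= threshold:
                alerts[ip] = max(alerts.get(ip, 0), hits)
    return alerts


if __name__ == "__main__":
    for ip, count in find_digest_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT: {count} Digest auth events from {ip} within {DEFAULT_WINDOW}")
```

Tune the threshold and window to the normal Digest logon rate of the monitored hosts; with Digest disabled per the workaround above, any match is worth a look.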
