CVE-2025-21373

Q: What is the severity of CVE-2025-21373?

CVE-2025-21373 has a CVSS score of 7.8 (HIGH). This Windows Installer vulnerability allows attackers to elevate privileges on affected systems by exploiting improper handling of file operations. It affects Windows systems with the vulnerable Windows Installer component. Attackers need local access to exploit this vulnerability.

7.8 HIGH

📋 TL;DR

This Windows Installer vulnerability allows attackers to elevate privileges on affected systems by exploiting improper handling of file operations. It affects Windows systems with the vulnerable Windows Installer component. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:

Windows Installer

Versions: Specific Windows versions as listed in Microsoft advisory

Operating Systems: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations of affected Windows versions are vulnerable. Requires local user access to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with local access could gain SYSTEM-level privileges, enabling complete system compromise, data theft, and persistence establishment.

🟠

Likely Case

Malware or malicious users could escalate from standard user to administrator privileges, bypassing security controls and installing additional malicious software.

🟢

If Mitigated

With proper access controls and least privilege principles, impact is limited to users who already have some level of local access.

🌐 Internet-Facing: LOW - This requires local access and cannot be exploited remotely over the internet.

🏢 Internal Only: HIGH - Internal attackers or malware with local access can exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and some technical knowledge. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest Windows security updates for affected versions

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21373

Restart Required: Yes

Instructions:

1. Apply latest Windows security updates via Windows Update. 2. For enterprise environments, deploy patches through WSUS or SCCM. 3. Verify patch installation through Windows Update history.

🔧 Temporary Workarounds

Restrict local user access

all

Limit local user accounts and implement least privilege principles to reduce attack surface

🧯 If You Can't Patch

Implement strict access controls and limit local administrative privileges
Monitor for privilege escalation attempts and suspicious installer activity

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for missing security updates or use Microsoft's security update guide

Check Version:

winver

Verify Fix Applied:

Verify Windows Update KB number from Microsoft advisory is installed via 'winver' or Windows Update history

📡 Detection & Monitoring

Log Indicators:

Windows Installer service unusual activity
Privilege escalation attempts in security logs
Unexpected MSI package installations

Network Indicators:

Not applicable - local exploitation only

SIEM Query:

EventID 4688 with process name containing 'msiexec.exe' and privilege changes

📊 Metadata

CVE ID: CVE-2025-21373

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-59

EPSS Score: 0.23% exploit probability (45.7th percentile)

Published: February 11, 2025

Last Updated: February 26, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21373 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

Windows Server 2025 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict local user access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities