CVE-2025-21374

Q: What is the severity of CVE-2025-21374?

CVE-2025-21374 has a CVSS score of 5.5 (MEDIUM). This vulnerability in the Windows Client Side Caching (CSC) service allows an authenticated attacker to read sensitive information from system memory. It affects Windows systems with the CSC service enabled, potentially exposing credentials or other sensitive data to local users.

5.5 MEDIUM

📋 TL;DR

This vulnerability in the Windows Client Side Caching (CSC) service allows an authenticated attacker to read sensitive information from system memory. It affects Windows systems with the CSC service enabled, potentially exposing credentials or other sensitive data to local users.

💻 Affected Systems

Products:

Windows Client Side Caching (CSC) service

Versions: Specific Windows versions as listed in Microsoft advisory

Operating Systems: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: Requires CSC service to be enabled and running. Most Windows systems have this enabled by default for offline file access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker could read sensitive information like credentials, encryption keys, or other privileged data from system memory, leading to privilege escalation or lateral movement.

🟠

Likely Case

Local authenticated users could read limited sensitive information from memory, potentially exposing some system data but not full system compromise.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to information disclosure within the attacker's existing privilege level.

🌐 Internet-Facing: LOW - This requires local authentication and cannot be exploited remotely.

🏢 Internal Only: MEDIUM - Internal authenticated users could exploit this to gather sensitive information for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local authenticated access. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21374

Restart Required: Yes

Instructions:

1. Apply the latest Windows security updates from Microsoft. 2. Restart the system to complete the installation. 3. Verify the update was successfully applied.

🔧 Temporary Workarounds

Disable CSC Service

windows

Disables the Client Side Caching service to prevent exploitation

sc config csc start= disabled
sc stop csc

🧯 If You Can't Patch

Restrict local user access to systems with CSC service enabled
Implement strict access controls and monitoring for authenticated user activities

🔍 How to Verify

Check if Vulnerable:

Check if CSC service is running: sc query csc

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify Windows Update history shows the relevant security update installed

📡 Detection & Monitoring

Log Indicators:

Unusual CSC service activity
Multiple failed CSC service access attempts
Unexpected memory read operations

Network Indicators:

Local system calls to CSC service with unusual patterns

SIEM Query:

EventID=4688 AND ProcessName LIKE '%csc%' AND CommandLine CONTAINS 'memory'

📊 Metadata

CVE ID: CVE-2025-21374

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-125

EPSS Score: 0.17% exploit probability (38.7th percentile)

Published: January 14, 2025

Last Updated: January 17, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21374 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2012 by Microsoft