CVE-2025-21375

Q: What is the severity of CVE-2025-21375?

CVE-2025-21375 has a CVSS score of 7.8 (HIGH). This vulnerability in the Kernel Streaming WOW Thunk Service Driver allows attackers to escalate privileges from a lower-privileged account to SYSTEM level. It affects Windows systems with the vulnerable driver component. Attackers need local access to exploit this vulnerability.

7.8 HIGH

📋 TL;DR

This vulnerability in the Kernel Streaming WOW Thunk Service Driver allows attackers to escalate privileges from a lower-privileged account to SYSTEM level. It affects Windows systems with the vulnerable driver component. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:

Microsoft Windows

Versions: Specific versions to be confirmed via Microsoft advisory

Operating Systems: Windows 10, Windows 11, Windows Server 2016/2019/2022

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with the Kernel Streaming WOW Thunk Service Driver component. Check Microsoft advisory for exact version details.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with SYSTEM privileges, enabling installation of malware, data theft, and complete control over the affected system.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass security controls, install persistent backdoors, or access sensitive system resources.

🟢

If Mitigated

Limited impact if proper access controls, least privilege principles, and endpoint protection are implemented.

🌐 Internet-Facing: LOW - Requires local access to exploit, cannot be triggered remotely over the internet.

🏢 Internal Only: HIGH - Can be exploited by any authenticated user on the system, making it dangerous in multi-user environments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and some technical knowledge. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: To be determined from Microsoft's monthly security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21375

Restart Required: No

Instructions:

1. Check Microsoft Security Update Guide for CVE-2025-21375. 2. Apply the appropriate Windows security update for your version. 3. Verify the update was successful.

🔧 Temporary Workarounds

Restrict driver loading

Windows

Configure Windows to only load signed drivers to prevent unauthorized driver exploitation

bcdedit /set testsigning off
bcdedit /set nointegritychecks off

🧯 If You Can't Patch

Implement strict access controls and least privilege principles
Deploy endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for the specific KB patch mentioned in Microsoft's advisory

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify the security update is installed via Windows Update or by checking system version

📡 Detection & Monitoring

Log Indicators:

Event ID 4697: Service installation
Suspicious driver loading events
Privilege escalation attempts in security logs

Network Indicators:

Not applicable - local exploitation only

SIEM Query:

EventID=4697 OR (EventID=4688 AND NewProcessName contains "cmd.exe" OR "powershell.exe") | where ParentProcessName contains "services.exe"

📊 Metadata

CVE ID: CVE-2025-21375

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

EPSS Score: 0.16% exploit probability (37.2th percentile)

Published: February 11, 2025

Last Updated: February 26, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21375 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

Windows Server 2025 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict driver loading

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities