CVE-2025-21378

Q: What is the severity of CVE-2025-21378?

CVE-2025-21378 has a CVSS score of 7.8 (HIGH). This vulnerability in Windows CSC (Client Side Caching) Service allows local attackers to escalate privileges on affected systems. Attackers could gain SYSTEM-level access by exploiting improper memory handling. All Windows systems with the vulnerable service are affected.

7.8 HIGH

📋 TL;DR

This vulnerability in Windows CSC (Client Side Caching) Service allows local attackers to escalate privileges on affected systems. Attackers could gain SYSTEM-level access by exploiting improper memory handling. All Windows systems with the vulnerable service are affected.

💻 Affected Systems

Products:

Windows CSC Service

Versions: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Systems with CSC service enabled are vulnerable. This service is typically enabled by default on client systems.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with SYSTEM privileges, enabling installation of malware, data theft, and persistence mechanisms.

🟠

Likely Case

Local privilege escalation from standard user to SYSTEM, allowing attackers to bypass security controls and maintain persistence.

🟢

If Mitigated

Limited impact due to proper access controls, network segmentation, and monitoring preventing successful exploitation.

🌐 Internet-Facing: LOW - Requires local access to the system, not directly exploitable over network.

🏢 Internal Only: HIGH - Internal attackers or compromised accounts could exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and user-level privileges to initiate exploitation. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply latest Windows security updates from Microsoft

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21378

Restart Required: Yes

Instructions:

1. Open Windows Update settings. 2. Check for updates. 3. Install all available security updates. 4. Restart the system when prompted.

🔧 Temporary Workarounds

Disable CSC Service

all

Disable the Client Side Caching service to prevent exploitation

sc config csc start= disabled
sc stop csc

Restrict Service Permissions

all

Modify service permissions to limit who can interact with CSC service

sc sdset csc D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)

🧯 If You Can't Patch

Implement strict access controls and least privilege principles
Monitor for suspicious service activity and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check if CSC service is running: sc query csc

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify Windows Update history shows latest security updates installed

📡 Detection & Monitoring

Log Indicators:

Event ID 4688 with CSC service process creation
Unexpected privilege escalation events
Service control manager logs showing CSC service manipulation

Network Indicators:

Unusual outbound connections from CSC service

SIEM Query:

EventID=4688 AND ProcessName LIKE '%csc%' AND NewProcessName LIKE '%cmd%' OR NewProcessName LIKE '%powershell%'

📊 Metadata

CVE ID: CVE-2025-21378

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-122

EPSS Score: 0.36% exploit probability (57.4th percentile)

Published: January 14, 2025

Last Updated: January 17, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21378 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2012 by Microsoft