CVE-2025-27473

7.5 HIGH

📋 TL;DR

This denial-of-service vulnerability in HTTP.sys, the kernel-mode HTTP protocol stack in Windows (the http.sys driver), lets an unauthenticated remote attacker make the driver consume excessive resources. It affects any Windows system on which HTTP.sys is listening, which includes IIS and every other consumer of the HTTP Server API (WinRM, for example), so web servers and the applications that depend on them can be taken offline.

💻 Affected Systems

Products:
  • Windows HTTP.sys
Versions: Specific Windows builds as listed in the Microsoft advisory (see Vendor Advisory below)
Operating Systems: Windows Server and Windows client versions that ship HTTP.sys
Default Config Vulnerable: ⚠️ Yes
Notes: Any system with an active HTTP.sys listener is exposed: IIS sites, but also other HTTP Server API applications that register URLs with the driver. On Windows Server, IIS listens on 80/443 once the Web Server role is installed, and WinRM (enabled by default on Windows Server 2012 and later) listens through HTTP.sys on 5985/5986, so hosts without IIS can still be reachable.

📦 What is this software?

HTTP.sys is the kernel-mode driver (%SystemRoot%\System32\drivers\http.sys) that implements HTTP listening, parsing, and response caching for Windows. IIS and any program using the HTTP Server API (WinRM, WSUS, self-hosted .NET services) register URL prefixes with it, and the driver can share a single port among several of them. Because it parses requests in the kernel before any application code runs, a resource-exhaustion bug in it affects every listener on the host at once.
⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service unavailability for web applications and services using HTTP.sys, potentially affecting multiple dependent systems.

🟠 Likely Case: Degraded performance or temporary service interruptions for web services on affected Windows systems.

🟢 If Mitigated: Minimal impact with proper network segmentation, rate limiting, and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Unauthenticated, network-based attack requiring only the ability to reach a port on which HTTP.sys is listening; no credentials, no user interaction, and no special configuration on the target are needed, which is consistent with the 7.5 score.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27473

Restart Required: Yes

Instructions:

1. Apply latest Windows security updates from Microsoft
2. Restart affected systems after patch installation
3. Verify patch installation via Windows Update history

🔧 Temporary Workarounds

Network segmentation and filtering (platform: Windows)

Restrict network access to HTTP.sys endpoints to trusted sources only. Filter the ports HTTP.sys is actually listening on, not just the web ports: other HTTP Server API consumers (WinRM on 5985/5986, for example) share the driver, and netsh http show servicestate lists every registered URL.

Using Windows Firewall (replace the placeholder with the address ranges to block):

netsh advfirewall firewall add rule name="Block HTTP.sys" dir=in action=block protocol=TCP localport=80,443,8080 remoteip=<untrusted-cidr>

Caveat: Windows Defender Firewall evaluates block rules before allow rules, so a block rule cannot carry an exception for trusted hosts. To allow only trusted sources, narrow the remote-address scope of the existing allow rules (for IIS these are "World Wide Web Services (HTTP Traffic-In)" and "World Wide Web Services (HTTPS Traffic-In)") and rely on the profile's default inbound action of Block for everything else.

Rate limiting and request throttling (platform: all)

Implement request rate limiting at the network edge (load balancer, WAF, or upstream firewall) so abusive clients are dropped before their traffic reaches HTTP.sys. IIS's own Dynamic IP Restrictions feature (system.webServer/security/dynamicIpSecurity) can deny clients by concurrent-request count or request rate, but it runs above HTTP.sys, so it bounds application load rather than the kernel-level cost of accepting and parsing each request.
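The following PowerShell is an added example, not a command sequence from the advisory or from Microsoft. It enumerates the URLs HTTP.sys is serving, then scopes the IIS allow rules to a trusted range instead of adding a block rule, because block rules win over allow rules in Windows Defender Firewall. The trusted subnets and the port list are assumptions; run it elevated and replace them with your own values.

```powershell
# Added example: restrict inbound access to the ports HTTP.sys actually serves.
# $TrustedSources and $Ports are assumptions; adjust them for your environment.
$TrustedSources = @('10.0.0.0/8', '192.0.2.0/24')   # assumed management / LB ranges
$Ports          = @('80', '443')                     # assumed HTTP.sys ports to scope

# 1. Which URLs has the HTTP Server API registered? This shows IIS sites and
#    every other consumer (WinRM on 5985/5986, for example), so the port list
#    above can be completed from real data rather than guessed.
netsh http show servicestate view=requestq |
    Select-String -Pattern 'Registered URLs|https?://'

# 2. Block rules are evaluated before allow rules, so a block rule cannot be
#    given a trusted-host exception. Narrow the scope of the IIS allow rules
#    (names as shipped with the Web Server role) to the trusted ranges instead.
Get-NetFirewallRule -DisplayName 'World Wide Web Services (HTTP*' -ErrorAction SilentlyContinue |
    Set-NetFirewallRule -RemoteAddress $TrustedSources

# 3. Find any other enabled inbound allow rule on the same ports that still
#    admits any remote address; those would silently undo step 2.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { @($_.LocalPort | Where-Object { $Ports -contains $_ }).Count -gt 0 } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') {
            Write-Warning "Rule '$($_.DisplayName)' still allows any remote address on an HTTP.sys port"
        }
    }

# 4. Unmatched inbound traffic is only dropped if the profile default is Block.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
```

Step 3 is the check most often skipped: a custom "Allow 443" rule created by an installer or a colleague will admit every source regardless of how tightly the IIS rules are scoped, and on a host that also serves WinRM the same audit should be repeated with 5985 and 5986 in $Ports.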

🧯 If You Can't Patch

  • Implement strict network access controls to HTTP.sys endpoints
  • Deploy web application firewalls with DoS protection capabilities

🔍 How to Verify

Check if Vulnerable:

Check Windows version and installed updates against Microsoft advisory

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify security update KB number is installed via Windows Update history
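The following PowerShell is an added example, not part of the advisory or of Microsoft's tooling. It checks whether the host has an active HTTP.sys driver at all, compares the on-disk http.sys file version with the version delivered by the fix, and cross-checks the update list. The KB identifier and the fixed file version are placeholders: take both from the update's KB article linked from the MSRC entry.

```powershell
# Added example: local checks for exposure and for presence of the fix.
# $FixKb and $FixedHttpSysVersion are placeholders, not real values from the advisory.
$FixKb               = 'KB0000000'           # placeholder: KB number of the security update
$FixedHttpSysVersion = [version]'10.0.0.0'   # placeholder: http.sys file version in that KB

# 1. Is the HTTP.sys driver running? Get-Service does not list kernel drivers,
#    so query Win32_SystemDriver. A Running driver means there is attack surface
#    even without IIS (WinRM and other HTTP Server API users keep it loaded).
$drv = Get-CimInstance Win32_SystemDriver -Filter "Name='HTTP'"
"HTTP.sys state: $($drv.State)"

# 2. Compare the driver file version with the fixed version. FileVersion looks
#    like "10.0.19041.3636 (WinBuild.160101.0800)", so keep only the first token.
$file = Join-Path $env:SystemRoot 'System32\drivers\http.sys'
$ver  = [version]((Get-Item $file).VersionInfo.FileVersion.Split(' ')[0])
if ($ver -ge $FixedHttpSysVersion) {
    "http.sys $ver : at or above the fixed version"
} else {
    "http.sys $ver : BELOW the fixed version, patch and reboot required"
}

# 3. Cross-check against installed updates (cumulative updates show as 'Update').
$hotfix = Get-HotFix -Id $FixKb -ErrorAction SilentlyContinue
if ($hotfix) { "$FixKb installed on $($hotfix.InstalledOn)" } else { "$FixKb not present" }

# 4. OS build, for matching against the advisory's affected-version table.
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' |
    Select-Object ProductName, DisplayVersion, CurrentBuild, UBR
```

Step 2 is the decisive one: a kernel driver is only replaced at reboot, so a host can show the KB as installed in step 3 while still running the old http.sys until it restarts. Compare the file version only within one Windows release line, since build numbers differ between releases.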

📡 Detection & Monitoring

Log Indicators:

  • Unusual high volume of HTTP requests in IIS logs, or a rising share of requests that never reach the application
  • HTTP.sys request-level errors in %SystemRoot%\System32\LogFiles\HTTPERR\httperr*.log (reason phrases such as Timer_ConnectionIdle, Timer_HeaderWait, Connection_Dropped, QueueFull), and service-level events from source HTTP in the System event log
  • Resource exhaustion warnings: sustained non-paged pool growth or kernel CPU time attributable to http.sys, queue-full conditions on IIS request queues

Network Indicators:

  • Abnormal spike in HTTP traffic to Windows systems
  • Repeated connection attempts to HTTP.sys ports (80, 443, and any other registered listener such as 5985/5986) from a small set of sources

SIEM Query (pseudo-query; adapt field names and thresholds to your platform, and ingest the HTTPERR files as well as the IIS logs):

source="windows" event_id=* (http OR iis) AND (request_count > threshold OR error_rate > threshold)
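The following PowerShell is an added example, not detection content from the advisory. It parses the HTTPERR log that HTTP.sys writes for requests it rejects or times out, summarises the reason phrases, and flags client addresses with more entries than a threshold. The log lines are constructed for the example (documentation addresses only); the threshold is an assumption.

```powershell
# Added example: parse HTTP.sys HTTPERR logs and flag noisy clients.
# The sample lines are constructed; in production replace $Lines with the real files.
$LogDir    = Join-Path $env:SystemRoot 'System32\LogFiles\HTTPERR'
$Threshold = 3   # assumed: flag any client IP with more entries than this

# Constructed sample in the HTTPERR layout (header lines start with '#').
$Lines = @'
#Software: Microsoft HTTP API 2.0
#Version: 1.0
#Date: 2025-04-10 12:00:00
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2025-04-10 12:00:01 203.0.113.5 51234 10.0.0.4 80 - - - - - Timer_ConnectionIdle -
2025-04-10 12:00:02 203.0.113.5 51235 10.0.0.4 80 - - - - - Timer_ConnectionIdle -
2025-04-10 12:00:02 203.0.113.5 51236 10.0.0.4 80 - - - - - Timer_HeaderWait -
2025-04-10 12:00:03 203.0.113.5 51237 10.0.0.4 80 - - - - - Timer_ConnectionIdle -
2025-04-10 12:00:03 198.51.100.7 40001 10.0.0.4 443 - - - - - Connection_Dropped -
2025-04-10 12:00:04 198.51.100.7 40002 10.0.0.4 443 - - - - - Connection_Dropped -
2025-04-10 12:00:05 192.0.2.9 33000 10.0.0.4 80 HTTP/1.1 GET /index.html 503 1 QueueFull DefaultAppPool
'@ -split "`r?`n"

function Get-HttpErrFindings {
    param([string[]]$Lines, [int]$Threshold = 3)

    # Field names come from the '#Fields:' header, so the parser follows the file
    # rather than assuming a fixed column order.
    $fields  = $null
    $entries = foreach ($line in $Lines) {
        if ($line -like '#Fields:*') { $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'; continue }
        if ($line -like '#*' -or -not $line.Trim() -or -not $fields) { continue }
        $values = $line -split '\s+', $fields.Count
        $obj = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $obj[$fields[$i]] = $values[$i] }
        [pscustomobject]$obj
    }

    # Reason-phrase distribution: a surge in timeouts or QueueFull is the signal.
    $byReason = $entries | Group-Object 's-reason' | Sort-Object Count -Descending |
        Select-Object @{ n = 'Reason'; e = { $_.Name } }, Count

    # Clients with more entries than the threshold, with their reason mix.
    $noisy = $entries | Group-Object 'c-ip' | Where-Object Count -gt $Threshold | ForEach-Object {
        [pscustomobject]@{
            ClientIp = $_.Name
            Entries  = $_.Count
            Reasons  = ($_.Group | Group-Object 's-reason' | ForEach-Object { "$($_.Name)=$($_.Count)" }) -join ','
        }
    }

    [pscustomobject]@{ ByReason = $byReason; NoisyClients = $noisy }
}

# Real use: $Lines = Get-ChildItem $LogDir -Filter 'httperr*.log' | Get-Content
$result = Get-HttpErrFindings -Lines $Lines -Threshold $Threshold
$result.ByReason     | Format-Table -AutoSize
$result.NoisyClients | Format-Table -AutoSize
```

On the constructed input, 203.0.113.5 is reported with four entries (three Timer_ConnectionIdle, one Timer_HeaderWait) and the other two addresses fall under the threshold. Running the same function on a rolling window of the real files and forwarding NoisyClients to the SIEM gives a per-source view that IIS logs alone cannot, because connections HTTP.sys drops before dispatch never appear in the IIS site log.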

🔗 References

  • Microsoft Security Response Center, CVE-2025-27473: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27473