CVE-2025-29957

6.2 MEDIUM

📋 TL;DR

This vulnerability in Windows Deployment Services allows an unauthorized attacker to cause a denial of service through uncontrolled resource consumption. Attackers can exhaust system resources locally, disrupting deployment services. Organizations using Windows Deployment Services for network-based OS installations are affected.

💻 Affected Systems

Products:
  • Windows Deployment Services
Versions: Specific versions not yet detailed in initial advisory
Operating Systems: Windows Server
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Windows Deployment Services role installed and enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete disruption of Windows Deployment Services, preventing network-based OS installations and deployments across the organization.

🟠 Likely Case: Temporary service degradation or unavailability of Windows Deployment Services, affecting deployment workflows.

🟢 If Mitigated: Minimal impact with proper network segmentation and resource monitoring in place.

🌐 Internet-Facing: LOW - Windows Deployment Services should not be exposed to the internet by design.
🏢 Internal Only: MEDIUM - Requires internal network access but can disrupt critical deployment infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Unauthenticated local exploitation suggests relatively simple attack vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29957

Restart Required: Yes

Instructions:

1. Apply latest Windows Server security updates from Microsoft
2. Install the specific KB patch referenced in the advisory
3. Restart the Windows Deployment Services server

🔧 Temporary Workarounds

Network Segmentation:
  • Restrict access to Windows Deployment Services to only authorized management networks
  • Configure Windows Firewall to restrict WDS ports (67, 68, 69, 4011) to trusted IP ranges

Resource Monitoring:
  • Implement monitoring for unusual resource consumption on WDS servers
  • Configure Performance Monitor alerts for high CPU/memory usage on WDS processes

🧯 If You Can't Patch

  • Isolate Windows Deployment Services servers from general network access
  • Implement strict network access controls and monitor for abnormal connection patterns

🔍 How to Verify

Check if Vulnerable:

Check whether the Windows Deployment Services role is installed and whether the server is missing the security update referenced in the Microsoft advisory

Check Version:

wmic qfe list brief | findstr /i KB

Verify Fix Applied:

Confirm that the advisory's KB appears in the list of installed updates, that the server has been restarted since installation, and that the WDSServer service starts and serves clients normally
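As an added example (not from this page or from Microsoft), the following PowerShell helper automates the three verification steps above on a Windows Server host. The KB identifier is not on this page, so it is taken as a parameter; replace the placeholder with the KB listed in the MSRC entry for CVE-2025-29957.

```powershell
# Added verification helper (not part of the original advisory).
# -PatchKb is a placeholder: supply the KB number published in the MSRC entry.
function Test-WdsCve202529957 {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $PatchKb   # e.g. 'KB<number from MSRC>'
    )

    # Step 1: is the WDS role installed? (Get-WindowsFeature is Windows Server only.)
    $role = Get-WindowsFeature -Name WDS -ErrorAction SilentlyContinue
    $roleInstalled = ($null -ne $role) -and $role.Installed

    # The WDSServer service only exists when the role is present; note whether it runs.
    $svc = Get-Service -Name WDSServer -ErrorAction SilentlyContinue
    $serviceRunning = ($null -ne $svc) -and ($svc.Status -eq 'Running')

    # Step 2: is the fixing update installed? Get-HotFix enumerates installed KBs,
    # the same data 'wmic qfe list brief' reports.
    $hotfix  = Get-HotFix | Where-Object { $_.HotFixID -eq $PatchKb }
    $patched = $null -ne $hotfix

    # Step 3: the fix requires a restart; a pending reboot means it is not yet effective.
    $rebootPending =
        (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') -or
        (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending')

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        WdsRoleInstalled  = $roleInstalled
        WdsServiceRunning = $serviceRunning
        PatchInstalled    = $patched
        PatchInstalledOn  = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        RebootPending     = $rebootPending
        # Exposed when the role is present and the fix is missing or not yet applied by a restart.
        Vulnerable        = $roleInstalled -and ((-not $patched) -or $rebootPending)
    }
}

# Usage (replace the placeholder with the KB from the MSRC advisory):
# Test-WdsCve202529957 -PatchKb 'KB0000000'
```

Run it elevated on each WDS server; hosts without the role report `Vulnerable = False` because the advisory notes only systems with the role installed are affected.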

📡 Detection & Monitoring

Log Indicators:

  • Unusual number of connection attempts to WDS
  • High resource utilization alerts on WDS servers
  • WDS service crash or restart events

Network Indicators:

  • Abnormal traffic patterns to WDS ports (67, 68, 69, 4011)
  • Multiple rapid connection attempts from single sources

SIEM Query:

source="WDS-Server" AND ((event_id=7034 OR event_id=1000) OR (process_name="svchost.exe" AND service_name="WDSServer"))
