Cyber Posture

CVE-2025-21182

High

Published: 11 February 2025

Modified: 25 February 2025
KEV Added
Patch
CVSS Score: 7.4 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

Security Summary

CVE-2025-21182 is an Elevation of Privilege vulnerability in the Windows Resilient File System (ReFS) Deduplication Service. It affects Windows systems that use ReFS with deduplication enabled, where a flaw in the service can be exploited for privilege escalation. The vulnerability has a CVSS v3.1 base score of 7.4 (High), with vector AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, and is associated with CWE-415 (Double Free).

The vulnerability is exploitable locally and requires no privileges and no user interaction, but attack complexity is high. Successful exploitation lets the attacker gain elevated privileges, with high impact on confidentiality, integrity, and availability; the scope is unchanged.

Microsoft's Security Response Center provides an update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21182, recommending the application of available security updates to mitigate the issue.

Details

CWE(s)
CWE-415, NVD-CWE-noinfo

Affected Products

microsoft windows 11 24h2: ≤ 10.0.26100.3107
microsoft windows server 2025: ≤ 10.0.26100.3107

References