Cyber Posture

CVE-2025-21183

High

Published: 11 February 2025

Modified: 25 February 2025
KEV Added
Patch
CVSS Score: 7.4 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

Security Summary

CVE-2025-21183 is a Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability, published on 2025-02-11. It affects the ReFS deduplication service component in Microsoft Windows operating systems. The vulnerability is associated with CWE-415 and has a CVSS v3.1 base score of 7.4 (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to significant impacts on confidentiality, integrity, and availability.

A local attacker can exploit this vulnerability without holding any privileges on the system. Exploitation has high attack complexity and requires no user interaction. Successful exploitation lets the attacker elevate privileges, with high impact on confidentiality, integrity, and availability.

Microsoft's update guide provides details on mitigation and patches for CVE-2025-21183 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21183.

Details

CWE(s)
CWE-415, NVD-CWE-noinfo

Affected Products

microsoft windows 11 24h2: ≤ 10.0.26100.3107
microsoft windows server 2025: ≤ 10.0.26100.3107
