Cyber Posture

CVE-2025-21224

High

Published: 14 January 2025

Published
14 January 2025
Modified
29 May 2025
KEV Added
Patch
CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0050 66.2th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Description

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Security Summary

CVE-2025-21224 is a Remote Code Execution vulnerability in the Windows Line Printer Daemon (LPD) Service. Published on 2025-01-14, it carries a CVSS v3.1 base score of 8.1 (High) with vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and is associated with CWEs-416 (Use After Free) and CWE-591.

Unauthenticated remote attackers can exploit this vulnerability over the network with high attack complexity and no user interaction. Successful exploitation enables arbitrary code execution, resulting in high impacts to confidentiality, integrity, and availability.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21224 provides details on patching. Vicarius offers a detection script at https://www.vicarius.io/vsociety/posts/cve-2025-21224-remote-code-execution-vulnerability-in-windows-line-printer-daemon-service-detection-script and a mitigation script at https://www.vicarius.io/vsociety/posts/cve-2025-21224-remote-code-execution-vulnerability-in-windows-line-printer-daemon-service-mitigation-script.

Details

CWE(s)
CWE-416CWE-591NVD-CWE-noinfo

Affected Products

microsoft
windows 10 21h2
≤ 10.0.19044.5371
microsoft
windows 10 22h2
≤ 10.0.19045.5371
microsoft
windows 11 22h2
≤ 10.0.22621.4751
microsoft
windows 11 23h2
≤ 10.0.22631.4751
microsoft
windows 11 24h2
≤ 10.0.26100.2894
microsoft
windows server 2022
≤ 10.0.20348.3091
microsoft
windows server 2022 23h2
≤ 10.0.25398.1369
microsoft
windows server 2025
≤ 10.0.26100.2894

References