CVE-2025-21315

High

Published: 14 January 2025

Published

14 January 2025

Modified

22 January 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0017 37.8th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Microsoft Brokering File System Elevation of Privilege Vulnerability

Security Summary

CVE-2025-21315 is an Elevation of Privilege vulnerability affecting the Microsoft Brokering File System. Published on 2025-01-14, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) and is linked to CWE-416, with additional NVD-CWE-noinfo classification.

A local attacker with low privileges can exploit this vulnerability, which requires high attack complexity but no user interaction. Successful exploitation changes scope and enables high-impact effects on confidentiality, integrity, and availability, allowing privilege escalation on the affected system.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21315 provides details on patches and mitigation guidance.

Details

CWE(s): CWE-416NVD-CWE-noinfo

Affected Products

microsoft

windows 11 24h2

≤ 10.0.26100.2894

microsoft

windows server 2022 23h2

≤ 10.0.25398.1369

microsoft

windows server 2025

≤ 10.0.26100.2894

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21315
Patch, Vendor Advisory · secure@microsoft.com