CVE-2025-21378

CVE-2025-21378 is an Elevation of Privilege vulnerability in the Windows CSC (Client-Side Caching) Service. It carries a CVSS v3.1 base score of 7.8, with a vector of AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and is associated with CWE-122 (Heap-based Buffer Overflow) or related issues per NVD-CWE-noinfo. The vulnerability affects Windows operating systems where the CSC Service is present, allowing improper handling that leads to privilege escalation.

A low-privileged local attacker can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation enables the attacker to elevate privileges, potentially gaining high-impact control over confidentiality, integrity, and availability of the system, such as achieving SYSTEM-level access from a standard user context.

Microsoft's security advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21378 provides details on patches and mitigation guidance for this vulnerability, published on 2025-01-14. Security practitioners should consult the update guide for applicable fixes across supported Windows versions.