CVE-2025-21378

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 14, 2025
CWE ID 122

Summary

CVE-2025-21378 is a newly disclosed vulnerability affecting the Common Security Configuration (CSC) service in Windows systems. This elevation of privilege (EoP) issue allows an attacker to gain heightened system access by manipulating the CSC service. Successful exploitation of this vulnerability could lead to significant damage, including the installation of malware or unauthorized system changes. The CSC service is responsible for managing security configurations on Windows systems, making this a serious concern for organizations that rely on these systems for critical operations. Microsoft has released a patch to address this vulnerability, and it is strongly recommended that all affected systems be updated promptly to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows 10
  • Microsoft Windows 11
  • Windows Server 2022

Affected Vendors

  • Microsoft