What is CVE-2025-21313?

A medium-severity Denial of Service vulnerability exists in Microsoft Windows Security Account Manager (SAM). The vulnerability may allow an attacker to disrupt services, impacting availability. Organizations should address this in their patch cycle.

What is the severity of CVE-2025-21313?

CVE-2025-21313 has a severity rating of MEDIUM with a CVSS base score of 6.5.

CVE-2025-21313 | Medium Vulnerability in Microsoft Windows Security Account Manager (SAM)

CVE-2025-21313 is a medium-severity Denial of Service vulnerability affecting Microsoft Windows Security Account Manager (SAM). This vulnerability allows attackers to cause significant disruptions to service availability, which is particularly concerning for organizations relying on SAM for authenticating users and managing security credentials. The vulnerability has a CVSS score of 6.5, indicating that while it is not critical, it poses a serious risk that must be addressed promptly.

This vulnerability was published on January 14, 2025, and has been officially analyzed. The attack vector is network-based, and it requires low privileges for exploitation, making it more accessible to potential attackers. Given the impact on availability, organizations should prioritize patching this vulnerability to mitigate the risk of service disruptions.

Currently, there is no public exploit available for this vulnerability, and it has not been included in the Known Exploited Vulnerabilities (KEV) catalog. However, the potential for exploitation remains a concern, necessitating immediate attention from security teams.

Organizations should assess their environments for this vulnerability and incorporate necessary remediation into their patch management cycles. Given the availability impact, it is essential to implement fixes promptly.

Vulnerability Details

The official description of CVE-2025-21313 highlights that it is a Denial of Service vulnerability related to Windows Security Account Manager (SAM). The CVSS score of 6.5 categorizes it as medium severity, and the vulnerability primarily impacts the availability of the affected systems. The vulnerability affects multiple versions of Microsoft Windows, including Windows 11 24H2, Windows Server 2022 23H2, and Windows Server 2025.

The vulnerability was assigned CWE-833, which relates to the improper handling of conditions that can lead to a denial of service state. This mismanagement can allow an attacker to exploit the vulnerability through a network attack, requiring low privileges and no user interaction.

The vulnerability was disclosed on January 14, 2025, and its last modification was on February 5, 2025. Organizations should ensure that their systems are updated to avoid potential service interruptions.

Technical Analysis

The root cause of CVE-2025-21313 lies in the Windows Security Account Manager's failure to correctly handle specific network requests. This oversight can lead to a denial of service condition, where legitimate requests are unable to be processed, and users may experience service disruptions.

The attack vector is network-based, allowing attackers to initiate an attack from a remote location. The attack complexity is low, meaning that attackers do not require advanced skills to exploit this vulnerability. Moreover, since low privileges are sufficient for exploitation, the barrier to entry for potential attackers is significantly reduced.

No user interaction is required to exploit this vulnerability, which increases its risk profile. The impact on confidentiality and integrity is none; however, the availability impact is high, making this a critical vulnerability that organizations need to address swiftly to maintain operational continuity.

Risk & Impact Analysis

The deployment of systems affected by CVE-2025-21313 poses a considerable risk to organizations. The potential for denial of service attacks can lead to significant operational disruptions, affecting business continuity and user experience. Given that the attack vector is network-based and requires low privileges, the likelihood of exploitation increases, especially for organizations with exposed systems.

Organizations should assess their current configurations to understand the potential blast radius of this vulnerability. The urgency to patch is categorized as medium; organizations should address it in their priority patch cycle to mitigate the risks effectively.

With an EPSS score of 0.0094, this vulnerability is currently in the lower percentile of exploitation likelihood. However, the lack of known exploits does not diminish the importance of remediation, as the dynamics of exploitation can change rapidly.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The following versions of Microsoft Windows are affected by CVE-2025-21313: Windows 11 24H2, Windows Server 2022 23H2, and Windows Server 2025. Organizations should verify that their systems are up to date and implement the necessary patches.

Mitigation & Remediation

To mitigate CVE-2025-21313, organizations should apply the latest patches provided by Microsoft. Ensure that your systems are updated to versions that address this vulnerability. In cases where an immediate patch is not available, consider implementing temporary workarounds such as disabling unnecessary services that could be exploited.

Organizations may also benefit from conducting a thorough security assessment to identify any additional weaknesses within their environment. For ongoing security validation, organizations should consider engaging in penetration testing to ensure that all security measures are effective.

Detection Guidance

To detect potential exploitation of CVE-2025-21313, monitor logs for unusual network activity targeting the Security Account Manager. Behavioral anomalies, such as unexpected service interruptions or failures related to authentication processes, should also be noted. Implement network signatures to identify malicious attempts to exploit this vulnerability.

AppSecure Threat Intelligence Insight

CVE-2025-21313 represents a critical area of concern within the Microsoft ecosystem, particularly regarding service availability. Monitoring for similar vulnerabilities, especially in network services that require frequent updates, is essential for maintaining robust security. Security teams should implement proactive measures, including consistent vulnerability assessments and adopting a vulnerability management program to enhance their security posture.

This vulnerability underscores the importance of patch management and the need for a comprehensive understanding of the attack surface. As attackers continuously adapt their strategies, organizations must remain vigilant and informed about emerging threats and vulnerabilities, ensuring that their defenses are timely and effective.

For effective incident response, organizations should establish a robust monitoring system to detect and respond to anomalies that may indicate attempted exploitation of vulnerabilities like CVE-2025-21313. Additionally, engaging in regular security training for staff can enhance awareness and readiness against potential threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-21313: Medium Vulnerability in Microsoft Windows Security Account Manager (SAM)