What is CVE-2025-21352?

A medium severity denial of service vulnerability affects various Microsoft Windows versions through Internet Connection Sharing (ICS). Organizations should prioritize patching to maintain availability.

What is the severity of CVE-2025-21352?

CVE-2025-21352 has a severity rating of MEDIUM with a CVSS base score of 6.5.

CVE-2025-21352 | Medium Vulnerability in Microsoft Windows

CVE-2025-21352 is a medium severity denial of service vulnerability impacting Internet Connection Sharing (ICS) in several Microsoft Windows versions. With a CVSS score of 6.5, this vulnerability poses a significant risk due to its potential to disrupt service availability.

Published on February 11, 2025, this vulnerability allows attackers in adjacent networks to cause a denial of service, impacting availability without requiring any privileges or user interaction. Given the nature of the attack vector and the availability impact rated as high, organizations should prioritize mitigating this risk.

Organizations should address this vulnerability in their priority patch cycle to ensure continued network availability and prevent service interruptions.

Currently, there is no known public exploit for this vulnerability, but the attack vector makes it critical for organizations to remain vigilant and prepared.

Vulnerability Details

The official description of CVE-2025-21352 is an 'Internet Connection Sharing (ICS) Denial of Service Vulnerability'. The affected products include various versions of Microsoft Windows, such as Windows 10 and Windows Server editions, with specific versions listed in the configurations section.

The CVSS score of 6.5 indicates a medium severity level, which requires immediate attention. The vulnerability falls under the CWE-400 classification, indicating a potential denial of service issue.

Technical Analysis

The root cause of this vulnerability lies in the Internet Connection Sharing feature, allowing unauthorized access to network resources. The attack vector is classified as adjacent network, meaning that an attacker must be on the same local network to exploit this vulnerability.

The attack complexity is low, requiring no privileges or user interaction, making it easier for potential attackers to exploit. The impact on confidentiality and integrity is minimal, while the availability impact is high, leading to significant service disruption.

Risk & Impact Analysis

Risk to organizations includes potential service disruption affecting business operations. With the high availability impact, this vulnerability could result in substantial downtime and loss of productivity.

Organizations should prioritize addressing this vulnerability in their patch management cycles to mitigate the associated risks. The urgency is classified as medium, requiring timely remediation to prevent exploitation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

This vulnerability affects various Microsoft Windows versions, including but not limited to Windows 10 (1507, 1607, 1809, 21H2, 22H2), Windows 11 (22H2, 23H2, 24H2), and multiple Windows Server versions (2008, 2012, 2016, 2019, 2022). All versions prior to the vendor patch are affected.

Mitigation & Remediation

Organizations should apply the latest patches provided by Microsoft to remediate this vulnerability. For further details, you can refer to the patch details. In cases where patching is not immediately feasible, implementing network segmentation and monitoring can help mitigate risks.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor logs for unusual traffic patterns around Internet Connection Sharing features, as well as any signs of service disruptions that may indicate a denial of service attack.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-21352 lies in its potential to impact network availability across multiple Windows versions. This vulnerability highlights the importance of maintaining up-to-date systems to minimize exposure to denial of service attacks.

Security teams should consider this incident as a reminder to continuously evaluate their security posture and implement robust network security measures to mitigate similar vulnerabilities in the future.

For comprehensive guidance on penetration testing, organizations can refer to the following resources: penetration testing methodology, vulnerability management program design, and API penetration testing guide to strengthen defenses against future threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-21352: Medium Vulnerability in Microsoft Windows