CVE-2025-21420

Published Feb 11, 2025

Last updated 2 months ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-21420 is an elevation of privilege vulnerability that exists in the Windows Disk Cleanup tool. Successful exploitation could allow an attacker to elevate their privileges to SYSTEM level. As of February 18, 2025, the CVSS v3 score is 7.8, considered High. Microsoft has addressed this vulnerability. It is recommended to apply the necessary security updates to mitigate the risk.

Description: Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-59
nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "8B692D57-D1F5-440E-AC28-C7633740ED6E",
            "versionEndExcluding": "10.0.10240.20915"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "44723F8C-6B56-4A27-B213-E822ADC16078",
            "versionEndExcluding": "10.0.10240.20915"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "C91C224C-5CC9-42EF-8053-AC80EE2CC2B5",
            "versionEndExcluding": "10.0.14393.7785"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "07421D08-3F88-4532-B652-36825784EFF9",
            "versionEndExcluding": "10.0.14393.7785"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "B5BC47F5-150E-4D18-8CC4-356F22171D81",
            "versionEndExcluding": "10.0.17763.6893"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "E448ECB4-CE46-4A29-A092-5A4D334E5535",
            "versionEndExcluding": "10.0.17763.6893"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A932CBA3-651F-4BBA-968A-2D6CA7DF8506",
            "versionEndExcluding": "10.0.19044.5487"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "810C8ECB-619F-447C-B352-E66F7EF5216E",
            "versionEndExcluding": "10.0.19045.5487"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30AF7170-5722-4C9C-A8AD-7A9F0C5952EE",
            "versionEndExcluding": "10.0.22621.4890"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FF62164-3C0C-4E7D-A8E3-F4095EBD35FF",
            "versionEndIncluding": "10.0.22631.4890"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9C5B9BC-F08B-49F8-82D3-7CC6BDB68995",
            "versionEndExcluding": "10.0.26100.3194"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "208FA80F-F742-473E-81D5-003DC2BFFC6C",
            "versionEndExcluding": "10.0.14393.7785"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "273EE4B9-8B53-4387-98C8-EC5D2558DB82",
            "versionEndExcluding": "10.0.17763.6893"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1711CDE0-4C93-40D3-91B7-DE507143A45F",
            "versionEndExcluding": "10.0.20348.3207"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "FB476271-F7D2-40F9-BAFC-2DCD597BFE27",
            "versionEndExcluding": "10.0.25398.1425"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "C5C38103-E0F4-4302-98CE-BD8B20460004",
            "versionEndExcluding": "10.0.26100.3194"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]