CVE-2025-21311

Published: Jan 14, 2025Modified: Jan 24, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: secure@microsoft.com (Secondary)

Description

Windows NTLM V1 Elevation of Privilege Vulnerability

Affected (3)

Products: Microsoft: Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025

3 products

Windows 11 24h2

Windows Server 2022 23h2

Windows Server 2025

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 11 24h2	Before 10.0.26100.2894
Microsoft Windows Server 2022 23h2	Before 10.0.25398.1369
Microsoft Windows Server 2025	Before 10.0.26100.2894

Related CWEs

Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21311

Source: secure@microsoft.com

PatchVendor Advisory

Timeline

No history available yet.