Elevation of Privilege Vulnerability in Microsoft Windows Local Security Authority
CVE-2025-21191

7HIGH

Key Information:

Vendor: Microsoft
Status: Windows Server 2025; Windows Server 2025 (server Core Installation); Windows 10 Version 1809; Windows Server 2019
Vendor: CVE Published:; 8 April 2025

Summary

A time-of-check to time-of-use (TOCTOU) race condition exists in Microsoft's Local Security Authority (LSA), which may allow an attacker with local access to elevate privileges. By exploiting this vulnerability, an authorized user could potentially gain greater control over the affected system than initially intended, compromising system security.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20978

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7970

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7137

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Dec 5, 2024