Internet Connection Sharing Denial of Service Vulnerability in Microsoft Products
CVE-2025-21254

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 11 February 2025

Summary

A vulnerability in the Internet Connection Sharing (ICS) feature of Microsoft products enables a Denial of Service (DoS) attack, potentially disrupting network connectivity. An attacker can exploit this vulnerability to cause significant disruption by sending crafted packets. It is crucial to evaluate your systems for this security issue and implement necessary measures to mitigate the risk.

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7785

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6893

Windows 10 Version 21H2 32-bit Systems 10.0.19043.0 < 10.0.19044.5487

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Dec 10, 2024