Denial of Service Vulnerability in Windows Security Account Manager by Microsoft
CVE-2025-21313

6.5 MEDIUM

Summary

The Windows Security Account Manager (SAM) is susceptible to a Denial of Service vulnerability that could allow attackers to disrupt the normal operation of affected systems. By exploiting this flaw, an unauthorized user might be able to cause a system to become unresponsive, potentially leading to interruptions in service and a negative impact on overall system performance. It is crucial for users and administrators to apply security updates provided by Microsoft to mitigate this risk.

Affected Version(s)

Windows 11 Version 24H2 ARM64-based Systems 10.0.26100.0 < 10.0.26100.2894

Windows Server 2022, 23H2 Edition (Server Core installation) x64-based Systems 10.0.25398.0 < 10.0.25398.1369

Windows Server 2025 (Server Core installation) x64-based Systems 10.0.26100.0 < 10.0.26100.2894

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
