Windows Kernel Memory Information Disclosure Vulnerability in Microsoft Products
CVE-2025-21317

5.5MEDIUM

Key Information:

Vendor
Microsoft
Status
Windows Server 2022
Windows 10 Version 21h2
Windows 11 Version 22h2
Windows 10 Version 22h2
Vendor
CVE Published:
14 January 2025

Summary

The Windows Kernel memory information disclosure vulnerability allows an attacker to gain access to sensitive information from the kernel memory space. By exploiting this flaw, malicious actors can retrieve information that may lead to further attacks on the system. Affected systems can be at risk, where improper handling of memory can aid in amplifying threats. Organizations are advised to apply the latest security updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Windows 10 Version 21H2 32-bit Systems 10.0.19043.0 < 10.0.19044.5371

Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.5371

Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.4751

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.