Windows Kernel Memory Information Disclosure Vulnerability in Microsoft Products
CVE-2025-21323

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows Server 2022; Windows 10 Version 1809; Windows 10 Version 21h2; Windows 11 Version 22h2
Vendor: CVE Published:; 14 January 2025

Summary

A vulnerability exists in the Windows Kernel that could allow an attacker to obtain sensitive memory information. If exploited, this could lead to potential unauthorized access to sensitive data stored in memory, posing significant risks to system integrity and user confidentiality. Users are advised to assess their environment and apply security best practices to mitigate potential threats.

Affected Version(s)

Windows 10 Version 1507 x64-based Systems 10.0.10240.0 < 10.0.10240.20890

Windows 10 Version 1607 x64-based Systems 10.0.14393.0 < 10.0.14393.7699

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6775

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2025
Vulnerability Reserved
Dec 11, 2024