Information Disclosure Vulnerability in Windows Web Threat Defense by Microsoft
CVE-2025-21343

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 22h2; Windows 11 Version 22h3; Windows 11 Version 23h2; Windows 11 Version 24h2
Vendor: CVE Published:; 14 January 2025

Summary

The vulnerability in Windows Web Threat Defense allows an attacker to gain unauthorized access to sensitive information via the User Service. This can lead to potential exposure of critical data, making it essential for users and administrators to mitigate risks by applying security updates and monitoring their systems closely.

Affected Version(s)

Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.4751

Windows 11 version 22H3 ARM64-based Systems 10.0.22631.0 < 10.0.22621.4751

Windows 11 Version 23H2 x64-based Systems 10.0.22631.0 < 10.0.22631.4751

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2025
Vulnerability Reserved
Dec 11, 2024