Denial of Service Vulnerability in Web Threat Defense by Microsoft
CVE-2025-29971

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 22h2; Windows 11 Version 22h3; Windows 11 Version 23h2; Windows 11 Version 24h2
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-29971?

An out-of-bounds read issue in Web Threat Defense (WTD.sys) enables unauthorized attackers to exploit the vulnerability, potentially leading to service denial over a network. This flaw can compromise the availability of services, making it vital for organizations to address this vulnerability promptly. For more details and guidance, refer to Microsoft's advisory.

Affected Version(s)

Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.5335

Windows 11 version 22H3 ARM64-based Systems 10.0.22631.0 < 10.0.22631.5335

Windows 11 Version 23H2 x64-based Systems 10.0.22631.0 < 10.0.22631.5335

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Mar 12, 2025

CVE-2025-29971 Data

JSON