What is the severity of CVE-2025-21358?

CVE-2025-21358 has been classified as an elevation of privilege vulnerability, which can allow an attacker to gain higher privileges.

How do I fix CVE-2025-21358?

To fix CVE-2025-21358, apply the appropriate security updates provided by Microsoft for the affected Windows versions.

Which versions of Windows are affected by CVE-2025-21358?

CVE-2025-21358 affects multiple versions of Windows including Windows 10, Windows 11, and Windows Server 2016 and 2019.

Can CVE-2025-21358 be exploited remotely?

CVE-2025-21358 typically requires local access to be exploited, making remote exploitation less likely.

What are the potential impacts of CVE-2025-21358 if exploited?

Exploiting CVE-2025-21358 could allow an attacker to execute arbitrary code with elevated privileges.

Vulnerability/
CVE-2025-21358

high

7.8

CWE

822

11/2/2025

21/2/2025

CVE-2025-21358: Windows Core Messaging Elevation of Privileges Vulnerability

First published: Tue Feb 11 2025(Updated: )

Windows Core Messaging Elevation of Privileges Vulnerability

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Windows 10	=1607	fix available externally
Microsoft Windows 11	=22H2	fix available externally
Microsoft Windows 11	=22H2	fix available externally
Microsoft Windows Server 2016		fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows Server 2019		fix available externally
Microsoft Windows 11	=23H2	fix available externally
Microsoft Windows 10	=22H2	fix available externally
Microsoft Windows Server 2025		fix available externally fix available externally
Microsoft Windows Server 2019		fix available externally
Microsoft Windows 11	=24H2	fix available externally fix available externally
Microsoft Windows 11	=24H2	fix available externally fix available externally
Microsoft Windows Server 2022		fix available externally fix available externally
Microsoft Windows Server 2022		fix available externally fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows 10	=22H2	fix available externally
Microsoft Windows Server 2022 23H2		fix available externally
Microsoft Windows Server 2016		fix available externally
Microsoft Windows 10		fix available externally
Microsoft Windows 10	=1607	fix available externally
Microsoft Windows 10		fix available externally
Microsoft Windows 10	=22H2	fix available externally
Microsoft Windows Server 2025		fix available externally fix available externally
Microsoft Windows 11	=23H2	fix available externally
		fix available externally
	=1607	fix available externally
		fix available externally
	=1607	fix available externally
		fix available externally
		fix available externally fix available externally
	=24H2	fix available externally fix available externally
		fix available externally
		fix available externally
	=24H2	fix available externally fix available externally
	=23H2	fix available externally
	=23H2	fix available externally
		fix available externally fix available externally
	=22H2	fix available externally
	=22H2	fix available externally
	=22H2	fix available externally
	=22H2	fix available externally
	=21H2	fix available externally
		fix available externally fix available externally
	=22H2	fix available externally
	=21H2	fix available externally
	=21H2	fix available externally
		fix available externally
		fix available externally
		fix available externally fix available externally
	=1809	fix available externally
	=1809	fix available externally

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21358 (Advisory)

Frequently Asked Questions

What is the severity of CVE-2025-21358?
CVE-2025-21358 has been classified as an elevation of privilege vulnerability, which can allow an attacker to gain higher privileges.
How do I fix CVE-2025-21358?
To fix CVE-2025-21358, apply the appropriate security updates provided by Microsoft for the affected Windows versions.
Which versions of Windows are affected by CVE-2025-21358?
CVE-2025-21358 affects multiple versions of Windows including Windows 10, Windows 11, and Windows Server 2016 and 2019.
Can CVE-2025-21358 be exploited remotely?
CVE-2025-21358 typically requires local access to be exploited, making remote exploitation less likely.
What are the potential impacts of CVE-2025-21358 if exploited?
Exploiting CVE-2025-21358 could allow an attacker to execute arbitrary code with elevated privileges.

collector/mitre-cve
source/MITRE
agent/references
agent/title
agent/type
collector/msrc-cve
source/Microsoft
agent/first-publish-date
agent/description
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/severity
agent/weakness
agent/author
agent/source
agent/event
agent/tags
collector/msrc
vendor/microsoft
canonical/microsoft windows 10
version/microsoft windows 10/1607
canonical/microsoft windows 11
version/microsoft windows 11/22h2
canonical/microsoft windows server 2016
version/microsoft windows 10/21h2
version/microsoft windows 10/1809
canonical/microsoft windows server 2019
version/microsoft windows 11/23h2
version/microsoft windows 10/22h2
canonical/microsoft windows server 2025
version/microsoft windows 11/24h2
canonical/microsoft windows server 2022
canonical/microsoft windows server 2022 23h2