CVE-2025-21311

CRITICAL9.8JSON export Create alert

Description

Windows NTLM V1 Elevation of Privilege Vulnerability

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Windows 11 Version 24H210.0.26100.0 – 10.0.26100.2894
Microsoft / Windows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 – 10.0.25398.1369
Microsoft / Windows Server 202510.0.26100.0 – 10.0.26100.2894
Microsoft / Windows Server 2025 (Server Core installation)10.0.26100.0 – 10.0.26100.2894

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21311