Scan free
HIGHCVE-2025-21343CVSS 7.5

CVE-2025-21343: Information Disclosure in Windows Web Threat Defense

Platform

windows

Component

windows-web-threat-defense-user-service

Fixed in

10.0.22621.4751

10.0.22631.4751

10.0.22631.4751

10.0.26100.2894

AI Confidence: highNVDEPSS 5.4%Reviewed: May 2026
View on NVD
Save

CVE-2025-21343 is an Information Disclosure vulnerability affecting the Windows Web Threat Defense User Service. This flaw allows attackers to potentially expose sensitive information stored within the service. The vulnerability impacts Windows versions 10.0.22621.0 through 10.0.26100.2894. Microsoft has released a security update to address this issue.

Impact and Attack Scenarios

Successful exploitation of CVE-2025-21343 could allow an attacker to gain unauthorized access to sensitive data processed by the Windows Web Threat Defense User Service. The specific data exposed depends on the service's configuration and the data it handles, but could include user credentials, network configurations, or other confidential information. While the vulnerability is classified as Information Disclosure, the potential for data compromise could lead to further attacks, such as privilege escalation or data exfiltration. The blast radius is limited to systems running the affected versions of Windows and utilizing the Web Threat Defense User Service.

Exploitation Context

CVE-2025-21343 was publicly disclosed on January 14, 2025. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog as of this writing. The CVSS score of 7.5 (High) indicates a significant potential for exploitation if a suitable exploit is developed and released.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh

EPSS

5.39% (90% percentile)

CISA SSVC

Exploitationnone
Automatableyes
Technical Impactpartial

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C7.5HIGHAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredNoneAuthentication level needed to attackUser InteractionNoneWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityHighRisk of sensitive data exposureIntegrityNoneRisk of unauthorized data modificationAvailabilityNoneRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
None — no integrity impact. Attacker cannot modify data.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Componentwindows-web-threat-defense-user-service
VendorMicrosoft
Affected rangeFixed in
10.0.22621.0 – 10.0.22621.475110.0.22621.4751
10.0.22631.0 – 10.0.22631.475110.0.22631.4751
10.0.22631.0 – 10.0.22631.475110.0.22631.4751
10.0.26100.0 – 10.0.26100.289410.0.26100.2894

Weakness Classification (CWE)

CWE-269

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-21343 is to upgrade to Windows version 10.0.26100.2894 or later, which includes the security update that resolves the vulnerability. If immediate patching is not feasible, consider implementing network segmentation to limit the potential impact of a successful exploit. Monitor network traffic for unusual activity related to the Web Threat Defense User Service. While no specific WAF rules are available, general rules to detect unusual data access patterns could be helpful.

How to fix

Actualice a la última versión de Windows 11 para obtener la corrección de seguridad. La actualización se puede realizar a través de Windows Update en la configuración del sistema.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2025-21343 — Information Disclosure in Windows Web Threat Defense?

CVE-2025-21343 is a high-severity vulnerability in the Windows Web Threat Defense User Service that allows attackers to potentially expose sensitive information. It affects Windows versions 10.0.22621.0–10.0.26100.2894.

Am I affected by CVE-2025-21343 in Windows Web Threat Defense?

You are affected if you are running Windows versions 10.0.22621.0 through 10.0.26100.2894 and have the Windows Web Threat Defense User Service enabled.

How do I fix CVE-2025-21343 in Windows Web Threat Defense?

Upgrade to Windows version 10.0.26100.2894 or later to apply the security update that resolves this vulnerability.

Is CVE-2025-21343 being actively exploited?

As of the current date, there are no known public exploits or active campaigns targeting CVE-2025-21343.

Where can I find the official Microsoft advisory for CVE-2025-21343?

Refer to the Microsoft Security Update Guide for CVE-2025-21343: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21343](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21343)

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs