Scan free
HIGHCVE-2025-21360CVSS 7.8

CVE-2025-21360: Privilege Escalation in Microsoft AutoUpdate

Platform

macos

Component

microsoft-autoupdate

Fixed in

4.76

AI Confidence: highNVDEPSS 0.2%Reviewed: May 2026
View on NVD
Save

CVE-2025-21360 describes a privilege escalation vulnerability within Microsoft AutoUpdate (MAU) on macOS. Successful exploitation could allow an attacker to gain elevated system privileges, potentially leading to unauthorized access and control. This vulnerability impacts versions 4.0.0 through 4.76; Microsoft has released a patch in version 4.76.

Impact and Attack Scenarios

The core impact of CVE-2025-21360 lies in its potential for privilege escalation. An attacker who can successfully exploit this flaw could bypass standard security controls and execute code with elevated permissions. This could enable them to install malware, steal sensitive data, modify system configurations, or even gain complete control over the affected macOS system. The blast radius extends to any data or resources accessible by the user account under which MAU is running, and potentially beyond if the attacker can leverage the elevated privileges to compromise other parts of the system. While specific attack scenarios are not detailed in the available information, the nature of privilege escalation vulnerabilities often involves exploiting flaws in how MAU handles updates or interacts with the operating system.

Exploitation Context

CVE-2025-21360 was publicly disclosed on January 14, 2025. The vulnerability's exploitation context is currently unclear; no public proof-of-concept (PoC) code has been released. Its inclusion in the CISA KEV catalog is pending. The CVSS score of 7.8 indicates a high probability of exploitation if a PoC becomes available.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureLow

EPSS

0.22% (44% percentile)

CISA SSVC

Exploitationnone
Automatableno
Technical Impacttotal

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C7.8HIGHAttack VectorLocalHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredLowAuthentication level needed to attackUser InteractionNoneWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityHighRisk of sensitive data exposureIntegrityHighRisk of unauthorized data modificationAvailabilityHighRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Local — attacker needs a local shell or interactive session on the system.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Componentmicrosoft-autoupdate
VendorMicrosoft
Affected rangeFixed in
4.0.0 – 4.764.76

Weakness Classification (CWE)

CWE-269

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-21360 is to upgrade Microsoft AutoUpdate to version 4.76 or later. If an immediate upgrade is not feasible due to compatibility issues or system downtime constraints, consider temporarily restricting the execution of AutoUpdate processes and carefully monitoring system logs for suspicious activity. While no specific WAF or proxy rules are applicable, ensuring that the system is generally hardened against unauthorized software installations can reduce the attack surface. After upgrading, confirm the successful update by verifying the AutoUpdate version number within the Microsoft AutoUpdate application.

How to fix

Actualice Microsoft AutoUpdate a la versión 4.76 o posterior. La actualización se puede realizar a través de la propia aplicación Microsoft AutoUpdate o descargando la última versión desde el sitio web de Microsoft. Esto solucionará la vulnerabilidad de elevación de privilegios.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2025-21360 — Privilege Escalation in Microsoft AutoUpdate?

CVE-2025-21360 is a privilege escalation vulnerability affecting Microsoft AutoUpdate on macOS, allowing potential attackers to gain elevated system privileges.

Am I affected by CVE-2025-21360 in Microsoft AutoUpdate?

You are affected if you are running Microsoft AutoUpdate on macOS versions 4.0.0 through 4.76. Upgrade to version 4.76 to mitigate the risk.

How do I fix CVE-2025-21360 in Microsoft AutoUpdate?

Upgrade Microsoft AutoUpdate to version 4.76 or later. If immediate upgrade is not possible, restrict AutoUpdate execution and monitor system logs.

Is CVE-2025-21360 being actively exploited?

Currently, there is no confirmed active exploitation of CVE-2025-21360, but the high CVSS score suggests a potential for future exploitation.

Where can I find the official Microsoft advisory for CVE-2025-21360?

Refer to the official Microsoft Security Update Guide for CVE-2025-21360: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21360](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21360)

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs