CVE-2025-21343: Windows Web Threat Defense User Service Information Disclosure Vulnerability

Overview

Severity

High (CVSS 7.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Category

Information Disclosure

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2025-Jan

Released

2025-01-14

EPSS Score

5.39% (percentile: 90.1%)

FAQ

What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. How could an attacker exploit this vulnerability? An attacker who successfully exploited this vulnerability could capture screenshots of another user’s session, crossing the user-session boundary.

Affected Products (6)

ESU

• Windows 11 Version 22H2 for ARM64-based Systems
• Windows 11 Version 22H2 for x64-based Systems

Windows

• Windows 11 Version 23H2 for ARM64-based Systems
• Windows 11 Version 23H2 for x64-based Systems
• Windows 11 Version 24H2 for ARM64-based Systems
• Windows 11 Version 24H2 for x64-based Systems

Security Updates (2)

• 5050021
• 5050009

Acknowledgments

<a href="https://www.cyber.gov.au/">Australian Signals Directorate</a>, <a href="https://www.cyber.gov.au/">Australian Signals Directorate</a>

Revision History

• 2025-01-14: Information published.