CVE-2025-29971: Web Threat Defense (WTD.sys) Denial of Service Vulnerability
Overview
- Severity
- High (CVSS 7.5)
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
- Category
- Denial of Service
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- More Likely
- Patch Tuesday
- 2025-May
- Released
- 2025-05-13
- Last Updated
- 2025-05-16
- EPSS Score
- 6.37% (percentile: 91.0%)
Description
Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.
Affected Products (6)
ESU
- Windows 11 Version 22H2 for ARM64-based Systems
- Windows 11 Version 22H2 for x64-based Systems
Windows
- Windows 11 Version 23H2 for ARM64-based Systems
- Windows 11 Version 23H2 for x64-based Systems
- Windows 11 Version 24H2 for ARM64-based Systems
- Windows 11 Version 24H2 for x64-based Systems
Security Updates (3)
Acknowledgments
Vladimir Lagunov with <a href="https://jetbrains.com/">JetBrains</a>
Revision History
- 2025-05-13: Information published.
- 2025-05-16: To comprehensively address CVE-2025-29971, Microsoft has released HotPatch KB5061258 for Windows 11 Version 24H2 for x64-based Systems and Windows 11 Version 24H2 for ARM64-based Systems. Customers running these versions of Windows and who install the HotPatch updates should install KB5061258 to be protected from this vulnerability.