CVE-2025-21191: 
vulnerability analysis and mitigation

A time-of-check time-of-use (TOCTOU) race condition vulnerability was discovered in Windows Local Security Authority (LSA). The vulnerability, identified as CVE-2025-21191, was disclosed on April 8, 2025. This security flaw affects various versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions (NVD, Rapid7).

The vulnerability is classified as CWE-367 (Time-of-check Time-of-use Race Condition). Microsoft has assigned a CVSS v3.1 base score of 7.0 (High), with the following vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. This scoring indicates that the vulnerability requires local access, has high attack complexity, needs low privileges, and no user interaction, while potentially impacting confidentiality, integrity, and availability (NVD).

The vulnerability allows an authorized attacker with local access to elevate their privileges on the affected system. This could potentially lead to complete system compromise, affecting the confidentiality, integrity, and availability of the system (NVD).

Microsoft has released security updates to address this vulnerability across multiple Windows versions. The fixes are available through various KB patches including KB5055518 for Windows 10, KB5055528 for Windows 11, and KB5055523 for Windows Server 2025 (Rapid7).