CVE-2025-21289: 
vulnerability analysis and mitigation

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability, identified as CVE-2025-21289, was discovered and disclosed on January 14, 2025. This vulnerability affects various versions of Microsoft Windows operating systems including Windows 10, Windows 11, and Windows Server editions (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. It is classified under CWE-400 (Uncontrolled Resource Consumption) according to Microsoft's assessment (NVD).

This vulnerability specifically impacts the availability of the system, as indicated by the CVSS metrics showing high impact on availability (A:H) while having no impact on confidentiality (C:N) or integrity (I:N). The vulnerability can lead to a denial of service condition in affected systems (NVD).

Microsoft has released security updates to address this vulnerability. Multiple KB patches have been issued for different versions of Windows, including KB5050013 for Windows 10 1507, KB5049993 for Windows 10 1607, KB5050008 for Windows 10 1809, and various other patches for different Windows versions and editions (Rapid7).