CVE-2025-21349: 
vulnerability analysis and mitigation

A Windows Remote Desktop Configuration Service Tampering Vulnerability (CVE-2025-21349) was disclosed on February 11, 2025. This vulnerability affects multiple versions of Windows operating systems including Windows 10, Windows 11, and Windows Server editions (AttackerKB).

The vulnerability has been assigned a CVSS v3.1 base score of 6.8 (Medium), with an impact score of 5.2 and exploitability score of 1.6. The attack vector is Network-based, requires high attack complexity, needs no privileges, but does require user interaction. The vulnerability can potentially lead to high impacts on both confidentiality and integrity, while having no impact on availability (AttackerKB).

The vulnerability could potentially result in high impacts on both system confidentiality and integrity if successfully exploited, as indicated by the CVSS metrics (AttackerKB).

Microsoft has released security updates to address this vulnerability across affected Windows versions. Updates are available through multiple Knowledge Base (KB) articles including KB5051974, KB5051979, KB5051980, KB5051987, KB5051989, KB5052000, KB5052006, and KB5052040 (Rapid7).