CVE-2025-21351: 
vulnerability analysis and mitigation

Windows Active Directory Domain Services API Denial of Service Vulnerability (CVE-2025-21351) was disclosed on December 11, 2024, and published on February 11, 2025. This vulnerability affects various versions of Microsoft Windows, including Windows 10, Windows 11, and Windows Server editions (CVE Mitre, Rapid7).

The vulnerability has been assigned a CVSS score of 7.0, indicating a high severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring no authentication (Au:N), and primarily impacts system availability (C:N/I:N/A:C) (Rapid7).

This vulnerability specifically affects the Windows Active Directory Domain Services API and could allow an attacker to cause a denial of service condition, potentially disrupting the availability of critical domain services (SonicWall).

Microsoft has released security updates to address this vulnerability across multiple Windows versions. The following KB updates are available: KB5051974 (Windows 10), KB5051989 (Windows 11), KB5052000 (Windows Server 2019), KB5052006 (Windows Server 2016), KB5051979 (Windows Server 2022), and KB5051987 (Windows Server 2025) (Rapid7).