CVE-2025-29957: 
vulnerability analysis and mitigation

A vulnerability identified as CVE-2025-29957 was discovered in Windows Deployment Services and published on May 13, 2025. The vulnerability relates to uncontrolled resource consumption that enables unauthorized attackers to perform denial of service attacks through local access (NVD, Wiz).

The vulnerability has been assigned a CVSS v3.1 base score of 6.2 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. It is categorized under CWE-400 (Uncontrolled Resource Consumption) and CWE-770 (Allocation of Resources Without Limits or Throttling). The technical characteristics indicate a local attack vector (AV:L) with low attack complexity (AC:L), requiring no privileges (PR:N) and no user interaction (UI:N) (NVD).

The vulnerability primarily affects the availability of Windows Deployment Services through denial of service attacks. According to the CVSS scoring, it has a high impact on availability (A:H) but does not affect confidentiality (C:N) or integrity (I:N) of the system (Wiz).

Microsoft has addressed this vulnerability as part of their May 2025 Patch Tuesday updates. System administrators and users are recommended to apply the security updates through Windows Update or their enterprise management tools (Wiz).