CVE-2025-21216 is a security vulnerability classified as an out-of-bounds read (CWE-125) found in the Internet Connection Sharing (ICS) feature of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The vulnerability allows an attacker with access to the adjacent network to send specially crafted packets to the ICS service, causing it to read memory outside the intended buffer boundaries. This memory access violation leads to a denial of service condition by crashing the ICS service, thereby disrupting network sharing capabilities on the affected system. The vulnerability does not require any privileges, authentication, or user interaction, making it easier to exploit in environments where ICS is enabled and reachable. The CVSS 3.1 score of 6.5 reflects a medium severity, with the primary impact on availability (DoS), while confidentiality and integrity remain unaffected. No public exploits or active exploitation have been reported to date. The lack of an official patch at the time of disclosure means affected organizations must rely on workarounds and network controls to mitigate risk. ICS is commonly used in scenarios where a Windows machine shares its internet connection with other devices, often in small office or industrial setups, making this vulnerability relevant for environments with legacy systems or constrained network architectures.

The primary impact of CVE-2025-21216 is a denial of service condition affecting the availability of Internet Connection Sharing on Windows 10 Version 1809 systems. For European organizations, this could disrupt network connectivity in environments relying on ICS, such as small offices, remote sites, or industrial control systems that use Windows 10 1809 as a gateway device. The disruption could lead to operational downtime, loss of productivity, and potential cascading effects if ICS is part of critical network infrastructure. Since the vulnerability requires adjacent network access, internal network segmentation and access controls are crucial. The lack of confidentiality or integrity impact limits the risk to data breaches or manipulation, but availability interruptions can still have significant operational consequences, especially in sectors like manufacturing, utilities, or healthcare where continuous connectivity is essential.

1. Disable Internet Connection Sharing (ICS) on Windows 10 Version 1809 systems if it is not required, to eliminate the attack surface. 2. Implement strict network segmentation to restrict access to ICS-enabled devices only to trusted and necessary adjacent network segments. 3. Monitor network traffic for unusual or malformed packets targeting ICS services to detect potential exploitation attempts. 4. Maintain an inventory of systems running Windows 10 Version 1809 and prioritize upgrading or patching them once Microsoft releases an official fix. 5. Use host-based firewalls to block incoming traffic to ICS-related ports from untrusted sources. 6. For environments where ICS is critical, consider deploying additional redundancy or failover mechanisms to mitigate potential service disruptions. 7. Educate IT staff about this vulnerability and ensure incident response plans include steps for handling ICS service outages.