CVE-2025-21254 is a security vulnerability classified as CWE-125 (Out-of-bounds Read) affecting the Internet Connection Sharing (ICS) feature in Microsoft Windows 10 Version 1607 (build 10.0.14393.0). The vulnerability arises from improper bounds checking when ICS processes network data, allowing an attacker to trigger an out-of-bounds read condition. This flaw can be exploited remotely over the network without requiring any privileges or user interaction, making it accessible to unauthenticated attackers. Successful exploitation leads to a denial of service (DoS) condition by causing the ICS service or the entire system to crash, thereby impacting availability. The CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C) indicates the attack requires adjacent network access (local network), low attack complexity, no privileges or user interaction, and results in a complete loss of availability. No known exploits have been reported in the wild, and no official patches have been published as of the vulnerability disclosure date (February 11, 2025). Given the age of the affected Windows version, many organizations may have already migrated to newer versions, but legacy systems remain vulnerable. The vulnerability is particularly concerning in environments where ICS is enabled and exposed to local network attackers, such as enterprise networks or industrial control systems that rely on ICS for network sharing.

The primary impact of CVE-2025-21254 is a denial of service condition that disrupts network connectivity and system availability on affected Windows 10 Version 1607 machines. For European organizations, this can lead to operational downtime, especially in sectors relying on ICS for network sharing or legacy systems that have not been updated. Critical infrastructure, manufacturing, and enterprise environments that still operate Windows 10 1607 are at risk of service interruptions, potentially affecting business continuity and causing financial losses. Although confidentiality and integrity are not impacted, the loss of availability can hinder communication and network services, complicating incident response and recovery efforts. The lack of known exploits reduces immediate risk, but the medium severity score and ease of exploitation over local networks mean that attackers with network access could leverage this vulnerability to cause disruption. Organizations with segmented or well-controlled networks may face lower risk, but those with flat or poorly segmented networks are more vulnerable.

1. Disable Internet Connection Sharing (ICS) if it is not required in your environment to eliminate the attack surface. 2. Restrict network access to ICS services by implementing strict network segmentation and firewall rules that limit local network exposure to trusted devices only. 3. Upgrade affected systems from Windows 10 Version 1607 to a supported and patched Windows version to receive security updates and reduce vulnerability exposure. 4. Monitor network traffic for unusual activity around ICS services and implement intrusion detection systems to alert on potential exploitation attempts. 5. For legacy systems that cannot be upgraded immediately, consider isolating them on dedicated network segments with no unnecessary network access. 6. Stay informed about Microsoft’s patch releases and apply security updates promptly once available. 7. Conduct regular vulnerability assessments and penetration testing focusing on ICS and related network services to identify and remediate weaknesses.