CVE-2025-21254: CWE-125: Out-of-bounds Read in Microsoft Windows 10 Version 1809
Internet Connection Sharing (ICS) Denial of Service Vulnerability
AI Analysis
Technical Summary
CVE-2025-21254 is a vulnerability classified under CWE-125 (Out-of-bounds Read) affecting the Internet Connection Sharing (ICS) feature in Microsoft Windows 10 Version 1809 (build 17763.0). The flaw allows an attacker to remotely trigger an out-of-bounds read condition without requiring privileges or user interaction. This results in a denial of service (DoS) condition by causing the ICS service or the system to crash, impacting system availability. The vulnerability has a CVSS v3.1 base score of 6.5, reflecting a medium severity level, with an attack vector of adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The scope is unchanged (S:U), and the impact is limited to availability (A:H), with no confidentiality or integrity impact. No known exploits have been reported in the wild, and no patches have been published at the time of analysis. The vulnerability was reserved in December 2024 and published in February 2025. ICS is commonly used to share internet connections across devices on a local network, and disruption could affect network connectivity and dependent services. The lack of authentication and user interaction requirements increases the risk of exploitation in environments where ICS is enabled and exposed. This vulnerability primarily threatens availability, potentially causing service outages or system crashes in affected Windows 10 1809 systems.
Potential Impact
For European organizations, the primary impact of CVE-2025-21254 is the potential denial of service affecting systems running Windows 10 Version 1809 with ICS enabled. This could disrupt internal network connectivity and internet sharing capabilities, leading to operational downtime, especially in environments relying on ICS for network access or legacy setups. Critical infrastructure sectors such as manufacturing, healthcare, and public services that still operate legacy Windows 10 systems may experience interruptions affecting business continuity. Although the vulnerability does not compromise data confidentiality or integrity, the availability impact could hinder productivity and service delivery. Enterprises with segmented networks or those that have migrated away from ICS or legacy Windows versions face reduced risk. The absence of known exploits reduces immediate threat but does not eliminate the risk of future exploitation. The medium severity rating indicates a moderate threat level, but the ease of exploitation without authentication or user interaction means organizations should prioritize mitigation to avoid service disruptions.
Mitigation Recommendations
1. Disable Internet Connection Sharing (ICS) on Windows 10 Version 1809 systems where it is not essential, to reduce the attack surface.
2. For systems requiring ICS, restrict ICS exposure by implementing strict network segmentation and firewall rules to limit access to trusted local networks only.
3. Monitor network traffic for unusual activity targeting ICS-related ports or services.
4. Maintain an inventory of systems running Windows 10 Version 1809 and plan for upgrade or patching as soon as Microsoft releases a security update addressing this vulnerability.
5. Employ endpoint detection and response (EDR) solutions to detect abnormal process crashes or service failures related to ICS.
6. Educate IT staff about the vulnerability and ensure incident response plans include steps to handle potential ICS service disruptions.
7. Regularly review and update network architecture to minimize reliance on legacy features like ICS, migrating to more secure and supported technologies where possible.
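A per-host audit covering recommendations 1, 4 and 5, added here as an example and not taken from the advisory or from Microsoft: it reports whether the host is on build 17763, whether ICS is running or still enabled, and whether the service has recently terminated unexpectedly. It assumes ICS runs as the `SharedAccess` service, that crashes surface as Service Control Manager events 7031/7034 in the System log, and that event messages are in English; `Get-IcsExposure` and its parameter are hypothetical names.

```powershell
# Added example: audit one host for exposure to the ICS issue described above.
# Assumptions: ICS is the 'SharedAccess' service; SCM events 7031/7034 record
# unexpected service terminations; event message text is English.
function Get-IcsExposure {
    [CmdletBinding()]
    param([int]$CrashLookbackDays = 7)

    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $svc = Get-Service -Name SharedAccess -ErrorAction SilentlyContinue

    # Build 17763 is Windows 10 Version 1809, the version named in the advisory.
    $affectedBuild = ($os.BuildNumber -eq '17763')
    $icsRunning    = ($null -ne $svc -and $svc.Status -eq 'Running')
    $icsDisabled   = ($null -eq $svc -or $svc.StartType -eq 'Disabled')

    # Unexpected service terminations logged by the Service Control Manager.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7031, 7034
        StartTime    = (Get-Date).AddDays(-$CrashLookbackDays)
    }
    $crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Internet Connection Sharing|SharedAccess' })

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        Build         = $os.BuildNumber
        AffectedBuild = $affectedBuild
        IcsStatus     = if ($svc) { $svc.Status } else { 'NotInstalled' }
        IcsStartType  = if ($svc) { $svc.StartType } else { 'NotInstalled' }
        Exposed       = ($affectedBuild -and $icsRunning)       # running on an affected build
        NeedsDisable  = ($affectedBuild -and -not $icsDisabled) # could still be started
        RecentCrashes = $crashes.Count
        LastCrash     = ($crashes | Select-Object -First 1).TimeCreated
    }
}

Get-IcsExposure | Format-List

# To apply recommendation 1 where ICS is not needed (run elevated):
# Stop-Service -Name SharedAccess -Force
# Set-Service  -Name SharedAccess -StartupType Disabled
```

A non-zero `RecentCrashes` on a host with `Exposed = True` is a signal to investigate, not proof of exploitation, since the service can terminate for unrelated reasons.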
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Poland, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: microsoft
- Date Reserved: 2024-12-10T23:54:12.932Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69432efe058703ef3fc97fdf
Added to database: 12/17/2025, 10:30:22 PM
Last enriched: 12/17/2025, 11:05:54 PM
Last updated: 2/6/2026, 12:04:14 PM