
CVE-2025-21313: CWE-833: Deadlock in Microsoft Windows 11 Version 24H2

Severity: Medium
Tags: Vulnerability, CVE-2025-21313, CWE-833
Published: Tue Jan 14 2025 (01/14/2025, 18:04:48 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 11 Version 24H2

Description

Windows Security Account Manager (SAM) Denial of Service Vulnerability

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/14/2026, 08:19:46 UTC

Technical Analysis

CVE-2025-21313 is a vulnerability identified in the Windows Security Account Manager (SAM) component of Microsoft Windows 11 Version 24H2 (build 10.0.26100.0). The underlying issue is a deadlock condition classified under CWE-833, in which two or more threads each wait for a resource held by the other, so that the service or system becomes unresponsive. The deadlock can be triggered remotely by an attacker holding low privileges (PR:L), without any user interaction (UI:N). The attack vector is network-based (AV:N), meaning the vulnerability can be exploited over the network. The vulnerability does not affect confidentiality or integrity, but it causes a denial of service (availability impact is high). The CVSS v3.1 base score is 6.5, reflecting medium severity. No public exploits or patches are currently available; the vulnerability was reserved in December 2024 and published in January 2025. A deadlock in SAM can disrupt authentication and other dependent system functions, potentially causing system instability or downtime. Because SAM is central to managing local user credentials and authentication, its unavailability can severely impact system operations, especially in enterprise environments.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to system availability. Disruption of the SAM service can lead to authentication failures, preventing users from logging in or accessing resources, which can halt business operations. Critical sectors such as finance, healthcare, government, and telecommunications that rely heavily on Windows 11 for endpoint and server environments may experience operational downtime. The denial of service could also affect identity management systems and security monitoring tools dependent on SAM, increasing the risk of delayed incident response. Although the vulnerability does not compromise data confidentiality or integrity, the availability impact can lead to significant productivity losses and potential regulatory compliance issues related to service availability. Organizations with remote workforces or distributed networks may face increased exposure due to the network-based attack vector.

Mitigation Recommendations

1. Restrict network access to SAM-related services and ports using firewalls and network segmentation to limit exposure to untrusted networks.
2. Implement strict access controls and monitor low-privileged accounts that could be used to exploit this vulnerability.
3. Enable and review detailed logging and monitoring for SAM service anomalies or deadlock symptoms to detect potential exploitation attempts early.
4. Prepare for rapid deployment of security patches from Microsoft once they become available; maintain an up-to-date patch management process.
5. Consider deploying endpoint detection and response (EDR) solutions that can identify unusual process hangs or service failures related to SAM.
6. Conduct regular backups and have a recovery plan to restore systems quickly in case of denial of service incidents.
7. Educate IT staff about this vulnerability and ensure incident response teams are aware of potential denial of service scenarios involving SAM.


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2024-12-10T23:54:12.953Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c0c0d09ed239a66badfd11

Added to database: 9/10/2025, 12:05:36 AM

Last enriched: 2/14/2026, 8:19:46 AM

Last updated: 3/26/2026, 9:22:51 AM

Views: 154
