CVE-2025-21352 is a vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) affecting the Internet Connection Sharing (ICS) component of Microsoft Windows 10 Version 1507 (build 10.0.10240.0). ICS is a feature that allows a Windows device to share its internet connection with other devices on a local network. The vulnerability arises because ICS improperly manages resource allocation, allowing an attacker with network access to send specially crafted requests that cause excessive consumption of system resources. This leads to a denial of service (DoS) condition where the affected system becomes unresponsive or unstable due to resource exhaustion. The CVSS 3.1 score is 6.5 (medium severity), with the vector indicating that the attack can be performed remotely (Attack Vector: Adjacent Network), requires no privileges (PR:N), no user interaction (UI:N), and impacts availability only (A:H) without affecting confidentiality or integrity. The vulnerability does not require authentication, making it easier for attackers within the same network segment to exploit. No public exploits or patches are currently available, increasing the importance of proactive mitigation. The vulnerability was reserved in December 2024 and published in February 2025, indicating recent discovery. Since ICS is often used in small office/home office (SOHO) and some enterprise environments for network sharing, affected systems may be exposed in internal networks or segmented environments. The lack of known exploits suggests limited current exploitation but does not preclude future attacks.

For European organizations, the primary impact is on availability, as exploitation leads to denial of service by exhausting ICS resources. This can disrupt network connectivity for multiple users relying on ICS, potentially halting business operations that depend on shared internet access. Critical infrastructure or industrial control systems using legacy Windows 10 1507 devices with ICS enabled may experience operational interruptions. Although confidentiality and integrity are not directly affected, the loss of availability can have cascading effects, such as delayed communications, inability to access cloud services, or interruption of automated processes. Organizations with legacy systems or those slow to update may be disproportionately affected. The medium severity suggests a moderate risk, but the ease of exploitation without authentication and user interaction increases the threat in environments where attackers have adjacent network access, such as compromised internal networks or poorly segmented Wi-Fi networks. The absence of patches means organizations must rely on workarounds and network controls until updates are available.

1. Upgrade affected systems from Windows 10 Version 1507 to a supported and patched Windows version to eliminate the vulnerability. 2. If upgrading is not immediately possible, disable Internet Connection Sharing (ICS) on affected devices to remove the attack surface. 3. Implement strict network segmentation and access controls to limit exposure of ICS-enabled devices to untrusted or potentially malicious network segments. 4. Monitor network traffic for unusual patterns indicative of resource exhaustion attacks targeting ICS. 5. Employ host-based resource monitoring to detect abnormal resource consumption that could signal exploitation attempts. 6. Educate IT staff about the vulnerability and ensure incident response plans include steps for ICS-related DoS events. 7. Regularly review and update firewall rules to restrict unnecessary network access to ICS services. 8. Stay informed about vendor updates and apply patches promptly once released.