CVE-2025-21352 is a vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) affecting the Internet Connection Sharing (ICS) feature in Microsoft Windows 10 Version 1809 (build 10.0.17763.0). ICS allows a Windows device to share its internet connection with other devices on a local network. The vulnerability arises when ICS improperly manages resource allocation, allowing an unauthenticated remote attacker to trigger excessive resource consumption. This can lead to a denial of service (DoS) condition, where the affected system becomes unresponsive or its network sharing capabilities are disrupted. The CVSS 3.1 base score is 6.5, reflecting a medium severity level. The attack vector is adjacent network (AV:A), meaning the attacker must have access to the same local or adjacent network segment but does not require privileges or user interaction. The impact is limited to availability (A:H), with no confidentiality or integrity impact. The vulnerability was published on February 11, 2025, with no known exploits in the wild and no patches released at the time of analysis. The lack of authentication and user interaction requirements increases the risk, but the need for network proximity limits widespread exploitation. This vulnerability is particularly relevant for environments where ICS is enabled and used, such as small office/home office setups or enterprise networks that rely on ICS for connectivity sharing.

For European organizations, the primary impact of CVE-2025-21352 is the potential disruption of network connectivity services due to denial of service on ICS-enabled Windows 10 Version 1809 systems. This can affect business continuity, especially in environments where ICS is used to provide internet access to multiple devices or critical network segments. The availability loss could lead to operational downtime, impacting productivity and potentially causing cascading effects in network-dependent services. While the vulnerability does not compromise data confidentiality or integrity, the disruption of network services could hinder communication, remote work, and access to cloud resources. Organizations in sectors such as manufacturing, healthcare, finance, and government, which often rely on stable network infrastructure, may experience significant operational challenges. The absence of known exploits reduces immediate risk, but the medium severity score and ease of triggering the vulnerability in adjacent networks necessitate proactive mitigation. Additionally, legacy systems still running Windows 10 Version 1809 without upgrades or patches are particularly vulnerable, increasing the attack surface in European enterprises with slower update cycles.

1. Disable Internet Connection Sharing (ICS) on Windows 10 Version 1809 systems if it is not explicitly required for business operations. 2. Restrict network access to ICS services by implementing network segmentation and firewall rules that limit access to trusted devices within the local network. 3. Monitor network traffic and system resource usage on ICS-enabled devices to detect unusual spikes indicative of resource exhaustion attacks. 4. Prioritize upgrading affected systems to newer, supported Windows versions where this vulnerability is not present or has been patched. 5. Apply any forthcoming security patches from Microsoft promptly once available. 6. Educate IT staff about the vulnerability and ensure incident response plans include procedures for identifying and mitigating ICS-related DoS conditions. 7. Use network intrusion detection systems (NIDS) to identify potential exploitation attempts within local networks. 8. For critical environments, consider isolating ICS-enabled devices from sensitive network segments to minimize impact in case of exploitation.