CVE-2025-21358 is a vulnerability classified under CWE-822 (Untrusted Pointer Dereference) affecting Microsoft Windows 10 Version 1507 (build 10240). The flaw exists in the Windows Core Messaging component, where improper handling of pointers can lead to dereferencing untrusted memory locations. This can be exploited by an attacker with limited privileges (PR:L) to elevate their privileges to system level without requiring user interaction (UI:N). The vulnerability impacts confidentiality, integrity, and availability (C:H/I:H/A:H) of the system, allowing arbitrary code execution with elevated privileges. The attack vector is local (AV:L), meaning the attacker must have some access to the system but can escalate privileges from there. The vulnerability was published on February 11, 2025, with no known exploits in the wild and no patches currently available, indicating a zero-day window for affected systems. The CVSS 3.1 score of 7.8 reflects a high severity due to the potential impact and relatively low complexity of exploitation, given local access and no user interaction required. The vulnerability is particularly relevant for legacy systems still running the initial Windows 10 release, which is no longer supported and thus unlikely to receive official patches. The untrusted pointer dereference can cause system crashes or allow attackers to execute arbitrary code, compromising system security and stability.

For European organizations, this vulnerability poses a significant risk especially to those maintaining legacy Windows 10 Version 1507 systems, commonly found in industrial control systems, government agencies, and enterprises with slow upgrade cycles. Successful exploitation can lead to full system compromise, allowing attackers to steal sensitive data, disrupt operations, or deploy ransomware. The elevation of privilege aspect means attackers can bypass security controls and gain administrative access, making detection and remediation more difficult. Critical infrastructure sectors such as energy, transportation, and healthcare could face severe operational disruptions. The lack of patches increases the window of exposure, and organizations relying on outdated Windows versions are particularly vulnerable. Additionally, the local attack vector limits remote exploitation but insider threats or malware with local access capabilities could leverage this vulnerability. The impact on confidentiality, integrity, and availability is high, potentially leading to data breaches, system downtime, and loss of trust.

Given the absence of official patches, the primary mitigation is to upgrade affected systems to a supported and fully patched Windows 10 version or later. Organizations should conduct thorough asset inventories to identify any systems still running Windows 10 Version 1507 and prioritize their upgrade or isolation. Employ strict access controls to limit local user privileges and reduce the risk of privilege escalation. Implement endpoint detection and response (EDR) solutions to monitor for unusual process behaviors indicative of exploitation attempts. Use application whitelisting to prevent unauthorized code execution. Network segmentation can limit the spread of an attacker who gains elevated privileges. Regularly audit and harden system configurations to minimize attack surface. If upgrading is not immediately feasible, consider disabling or restricting the Windows Core Messaging component where possible, although this may impact functionality. Maintain robust backup and recovery procedures to mitigate damage from potential exploitation. Finally, stay alert for any future patches or advisories from Microsoft addressing this vulnerability.