CVE-2025-21374 is an out-of-bounds read vulnerability classified under CWE-125, found in the Client-Side Caching (CSC) service of Microsoft Windows 10 Version 1507 (build 10.0.10240.0). This vulnerability arises when the CSC service improperly handles memory boundaries, allowing a local attacker with low privileges to read memory outside the intended buffer. This can lead to unauthorized disclosure of sensitive information stored in memory, such as credentials, tokens, or other confidential data. The vulnerability does not allow modification of data or denial of service, focusing solely on information disclosure. Exploitation requires local access and does not need user interaction, making it a risk primarily in environments where attackers can gain limited local access, such as through compromised accounts or insider threats. The CVSS 3.1 base score is 5.5, with metrics indicating low attack vector (local), low attack complexity, required privileges (low), no user interaction, unchanged scope, high confidentiality impact, and no impact on integrity or availability. No public exploits have been reported, and no patches or updates are currently linked, suggesting that mitigation may rely on upgrading to newer Windows versions or applying future patches. The vulnerability was reserved in December 2024 and published in January 2025, indicating recent discovery and disclosure.

For European organizations, the primary impact of CVE-2025-21374 is the potential unauthorized disclosure of sensitive information due to the out-of-bounds read in the CSC service. This can compromise confidentiality of data such as cached credentials or sensitive application data stored in memory. While the vulnerability does not allow direct system compromise or denial of service, information leakage can facilitate further attacks, including privilege escalation or lateral movement within networks. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and government, may face increased risk of data breaches or regulatory non-compliance if legacy Windows 10 Version 1507 systems remain in use. The requirement for local access limits remote exploitation, but insider threats or attackers who have gained initial footholds could leverage this vulnerability to escalate their capabilities. The lack of known exploits reduces immediate risk, but the presence of an unpatched vulnerability in older Windows versions necessitates proactive mitigation to prevent future exploitation.

1. Upgrade all systems running Windows 10 Version 1507 (build 10.0.10240.0) to a supported and fully patched Windows version, as this legacy version is no longer supported and unlikely to receive security updates. 2. Implement strict access controls and monitoring to limit local access to trusted users only, reducing the risk of exploitation by low-privilege attackers. 3. Employ endpoint detection and response (EDR) solutions to detect suspicious local activity that could indicate exploitation attempts. 4. Review and restrict use of the CSC service where possible, especially on systems handling sensitive data, to minimize exposure. 5. Maintain up-to-date asset inventories to identify any remaining systems running vulnerable Windows versions and prioritize their remediation. 6. Educate users and administrators about the risks of running unsupported operating systems and the importance of timely patching and upgrades. 7. Monitor Microsoft security advisories for any forthcoming patches or mitigations related to this vulnerability.