Request a Demo
Rewterz
Multiple Microsoft Windows Zero-Day Vulnerabilities Exploit in the Wild
January 15, 2025
Rewterz
CVE-2024-12398 – Zyxel Multiple Access Points and Security Router Vulnerability
January 15, 2025

Multiple Microsoft Products Zero-Day Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-21275 CVSS:7.8

Microsoft Windows App Package Installer Elevation of Privilege Vulnerability.

CVE-2025-21308 CVSS:6.5

Microsoft Windows Themes Spoofing Vulnerability.

CVE-2025-21186 CVSS:7.8

Microsoft Access Remote Code Execution Vulnerability.

CVE-2025-21366 CVSS:7.8

Microsoft Access Remote Code Execution Vulnerability.

CVE-2025-21395 CVSS:7.8

Microsoft Access Remote Code Execution Vulnerability.

Impact

  • Gain Access
  • Privilege Escalation
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2025-21275

  • CVE-2025-21308

  • CVE-2025-21186

  • CVE-2025-21366

  • CVE-2025-21395

Affected Vendors

Microsoft

Affected Products

  • Microsoft Windows Server 2022
  • Microsoft 365 Apps for Enterprise for 32-bit Systems
  • Microsoft 365 Apps for Enterprise for 64-bit Systems
  • Microsoft Office 2019 for 32-bit editions
  • Microsoft Office 2019 for 64-bit editions
  • Microsoft Office LTSC 2021 for 32-bit editions
  • Microsoft Office LTSC 2021 for 64-bit editions
  • Microsoft Windows 11 Version 24H2 for x64-based Systems - 24H2
  • Microsoft Windows Server 2025
  • Microsoft Windows 11 Version 24H2 for ARM64-based Systems
  • Microsoft Windows 11 Version 23H2 for x64-based Systems
  • Microsoft Windows 11 Version 23H2 for ARM64-based Systems
  • Microsoft Windows Server 2025 (Server Core installation)
  • Microsoft Windows 10 Version 22H2 for x64-based Systems
  • Microsoft Windows 11 Version 22H2 for x64-based Systems
  • Microsoft Windows 11 Version 22H2 for ARM64-based Systems
  • Microsoft Windows 10 Version 21H2 for x64-based Systems
  • Microsoft Windows 10 Version 22H2 for 32-bit Systems
  • Microsoft Windows 10 Version 22H2 for ARM64-based Systems
  • Microsoft Windows 10 Version 21H2 for ARM64-based Systems
  • Microsoft Windows 10 Version 21H2 for 32-bit Systems
  • Microsoft Access 2016 (64-bit edition)
  • Microsoft Access 2016 (32-bit edition)
  • Microsoft Office LTSC 2024 for 64-bit editions

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2025-21275

CVE-2025-21308

CVE-2025-21186

CVE-2025-21366

CVE-2025-21395