Description
Azure Service Fabric Runtime Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.
FAQ
How can I update my Service Fabric Cluster to the latest version?
If you have automatic updates, no action is needed. However, for those who choose to manually update, please refer to Manage Service Fabric cluster upgrades for instructions on how to update your Service Fabric Cluster.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?
This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to have access to the location where the target file will be run. They would then need to plant a specific file that would be used as part of the exploitation.
According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an administrator to install the bootstrapping agent on the target device where an attacker has planted specially crafted malicious files.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
6 Medium
CVSS3
Related vulnerabilities
Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.
Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.
A vulnerability in the Azure Service Fabric distributed systems platform, caused by improper link resolution before file access, that allows an attacker to elevate their privileges
EPSS
6 Medium
CVSS3