CVE-2025-21391

HIGH
2025-02-11 [email protected]
7.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 28, 2026 - 18:26 vuln.today
Patch Released
Mar 28, 2026 - 18:26 nvd
Patch available
Added to CISA KEV
Oct 27, 2025 - 17:13 cisa
CISA KEV
CVE Published
Feb 11, 2025 - 18:15 nvd
HIGH 7.1

Tags

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server 2022 23h2 Windows Server 2025 Windows

Description

Windows Storage Elevation of Privilege Vulnerability

Analysis

Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attackers to delete targeted files, enabling privilege escalation.

Technical Context

The CWE-59 improper link resolution allows a local attacker to create symbolic links that redirect Windows Storage operations to delete files in privileged locations. By targeting specific system files, the attacker can create conditions for privilege escalation.

Affected Products

['Microsoft Windows (Storage component)']

Remediation

Apply Microsoft security update. Monitor for suspicious symlink creation in user-writable directories.

Priority Score

91
Low Medium High Critical
KEV: +50
EPSS: +5.6
CVSS: +36
POC: 0

Share

CVE-2025-21391 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy