How to fix CVE-2025-25008?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Is Windows affected by CVE-2025-25008?

CVE-2025-25008 presents moderate security risk rated CVSS 7.1. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and consider compensating controls in the interim.

CVE-2025-25008

HIGH

2025-03-11 [email protected]

Windows

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 19:52 vuln.today

CVE Published

Mar 11, 2025 - 17:16 nvd

HIGH 7.1

DescriptionNVD

Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.

AnalysisAI

Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally. [CVSS 7.1 HIGH]

Technical ContextAI

Classified as CWE-59 (Improper Link Resolution Before File Access). Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.

Affected ProductsAI

Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-25008 vulnerability details – vuln.today

Back