Winlogon CVE-2026-25187
HIGHSeverity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
AnalysisAI
Windows Winlogon's failure to properly validate symbolic links before file access enables local privilege escalation on affected Windows Server and Windows 10/11 systems. An authenticated attacker can exploit this vulnerability to gain elevated system privileges without user interaction. No patch is currently available for this high-severity issue affecting multiple Windows versions including Server 2025 and Windows 11 26h1.
Technical ContextAI
Classified as CWE-59 (Improper Link Resolution Before File Access). Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today