CVE-2025-21204 | THREATINT

Description

Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.

PUBLISHED Reserved 2024-12-05 | Published 2025-04-08 | Updated 2026-02-13 | Assigner microsoft

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-59: Improper Link Resolution Before File Access ('Link Following')

Product status

10.0.10240.0 (custom) before 10.0.10240.20978

affected

10.0.14393.0 (custom) before 10.0.14393.7969

affected

10.0.17763.0 (custom) before 10.0.17763.7136

affected

10.0.19044.0 (custom) before 10.0.19044.5737

affected

10.0.19045.0 (custom) before 10.0.19045.5737

affected

10.0.22621.0 (custom) before 10.0.22621.5189

affected

10.0.22631.0 (custom) before 10.0.22631.5189

affected

10.0.22631.0 (custom) before 10.0.22631.5189

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

6.1.7601.0 (custom) before 6.1.7601.27670

affected

6.1.7601.0 (custom) before 6.1.7601.27670

affected

6.0.6003.0 (custom) before 6.0.6003.23220

affected

6.0.6003.0 (custom) before 6.0.6003.23220

affected

6.2.9200.0 (custom) before 6.2.9200.25423

affected

6.2.9200.0 (custom) before 6.2.9200.25423

affected

6.3.9600.0 (custom) before 6.3.9600.22523

affected

6.3.9600.0 (custom) before 6.3.9600.22523

affected

10.0.14393.0 (custom) before 10.0.14393.7969

affected

10.0.14393.0 (custom) before 10.0.14393.7969

affected

10.0.17763.0 (custom) before 10.0.17763.7136

affected

10.0.17763.0 (custom) before 10.0.17763.7136

affected

10.0.20348.0 (custom) before 10.0.20348.3453

affected

10.0.25398.0 (custom) before 10.0.25398.1551

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

References

www.vicarius.io/...ft-windows-update-stack-mitigation-script

www.vicarius.io/...oft-windows-update-stack-detection-script

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204 (Windows Process Activation Elevation of Privilege Vulnerability) vendor-advisory patch

cve.org (CVE-2025-21204)

nvd.nist.gov (CVE-2025-21204)

Download JSON