Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
Metrics
Affected Vendors & Products
References
History
Wed, 09 Jul 2025 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Microsoft
Microsoft windows 10 1507 Microsoft windows 10 1607 Microsoft windows 10 1809 Microsoft windows 10 21h2 Microsoft windows 10 22h2 Microsoft windows 11 22h2 Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows Server 2008 Microsoft windows Server 2012 Microsoft windows Server 2016 Microsoft windows Server 2019 Microsoft windows Server 2022 Microsoft windows Server 2022 23h2 Microsoft windows Server 2025 |
|
CPEs | cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Microsoft
Microsoft windows 10 1507 Microsoft windows 10 1607 Microsoft windows 10 1809 Microsoft windows 10 21h2 Microsoft windows 10 22h2 Microsoft windows 11 22h2 Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows Server 2008 Microsoft windows Server 2012 Microsoft windows Server 2016 Microsoft windows Server 2019 Microsoft windows Server 2022 Microsoft windows Server 2022 23h2 Microsoft windows Server 2025 |
Thu, 29 May 2025 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 08 Apr 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 08 Apr 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally. | |
Title | Windows Process Activation Elevation of Privilege Vulnerability | |
Weaknesses | CWE-59 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: microsoft
Published: 2025-04-08T17:23:38.654Z
Updated: 2025-06-04T17:53:44.001Z
Reserved: 2024-12-05T21:43:30.768Z
Link: CVE-2025-21204

Updated: 2025-05-29T13:45:04.457Z

Status : Analyzed
Published: 2025-04-08T18:15:45.343
Modified: 2025-07-09T16:41:26.600
Link: CVE-2025-21204

No data.