Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.
Metrics
Affected Vendors & Products
References
History
Thu, 10 Jul 2025 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Microsoft
Microsoft windows 10 1507 Microsoft windows 10 1607 Microsoft windows 10 1809 Microsoft windows 10 21h2 Microsoft windows 10 22h2 Microsoft windows 11 22h2 Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows Server 2016 Microsoft windows Server 2019 Microsoft windows Server 2022 Microsoft windows Server 2022 23h2 Microsoft windows Server 2025 |
|
CPEs | cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Microsoft
Microsoft windows 10 1507 Microsoft windows 10 1607 Microsoft windows 10 1809 Microsoft windows 10 21h2 Microsoft windows 10 22h2 Microsoft windows 11 22h2 Microsoft windows 11 23h2 Microsoft windows 11 24h2 Microsoft windows Server 2016 Microsoft windows Server 2019 Microsoft windows Server 2022 Microsoft windows Server 2022 23h2 Microsoft windows Server 2025 |
Tue, 10 Jun 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Jun 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally. | |
Title | Windows Recovery Driver Elevation of Privilege Vulnerability | |
Weaknesses | CWE-59 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: microsoft
Published: 2025-06-10T17:02:14.644Z
Updated: 2025-06-20T01:04:11.826Z
Reserved: 2025-04-09T20:06:59.967Z
Link: CVE-2025-32721

Updated: 2025-06-10T18:24:41.417Z

Status : Analyzed
Published: 2025-06-10T17:22:04.147
Modified: 2025-07-10T14:01:09.513
Link: CVE-2025-32721

No data.