CVE-2025-21331
Published: 14 January 2025
Summary
CVE-2025-21331 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 35.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-21331 is a Windows Installer Elevation of Privilege Vulnerability affecting the Windows Installer component in Microsoft Windows systems. Published on 2025-01-14, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and is linked to CWE-59 (Improper Link Resolution Before File Access) as well as NVD-CWE-noinfo.
The vulnerability can be exploited by a local attacker who already has low-privileged access to the system. Exploitation requires low attack complexity and user interaction, such as a user opening or interacting with a malicious installer package. Successful exploitation enables the attacker to elevate privileges, resulting in high impacts to confidentiality, integrity, and availability.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21331 provides guidance on this vulnerability, including details on patches and mitigation strategies.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2396
Vulnerability details
Windows Installer Elevation of Privilege Vulnerability
- CWE(s): CWE-59 (Improper Link Resolution Before File Access), NVD-CWE-noinfo
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploitation for Privilege Escalation (T1068)
Why these techniques?
This is a local elevation of privilege vulnerability in the Windows Installer component that a low-privileged attacker can exploit directly via a malicious installer package to gain higher privileges, which maps to T1068.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Flaw remediation directly addresses the vulnerability by requiring timely application of Microsoft patches for the Windows Installer improper link resolution issue.
- CM-11 (User-installed Software): Restricting user-installed software prevents low-privileged users from executing malicious installer packages that require user interaction to trigger the elevation of privilege.
- AC-6 (Least Privilege): Least privilege limits the actions a low-privileged local attacker can perform prior to attempting exploitation of the Windows Installer vulnerability.