CVE-2025-21331
Published: 14 January 2025
Summary
CVE-2025-21331 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 36.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation directly addresses the vulnerability by requiring timely application of Microsoft patches for the Windows Installer improper link resolution issue.
Restricting user-installed software prevents low-privileged users from executing malicious installer packages that require user interaction to trigger the elevation of privilege.
Least privilege limits the actions a low-privileged local attacker can perform prior to attempting exploitation of the Windows Installer vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
This is a local elevation of privilege vulnerability in the Windows Installer component that can be directly exploited by a low-privileged attacker via a malicious installer package to gain higher privileges.
NVD Description
Windows Installer Elevation of Privilege Vulnerability
Deeper analysisAI
CVE-2025-21331 is a Windows Installer Elevation of Privilege Vulnerability affecting the Windows Installer component in Microsoft Windows systems. Published on 2025-01-14, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and is linked to CWE-59 (Improper Link Resolution Before File Access) as well as NVD-CWE-noinfo.
The vulnerability can be exploited by a local attacker who already has low-privileged access to the system. Exploitation requires low attack complexity and user interaction, such as a user opening or interacting with a malicious installer package. Successful exploitation enables the attacker to elevate privileges, resulting in high impacts to confidentiality, integrity, and availability.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21331 provides guidance on this vulnerability, including details on patches and mitigation strategies.
Details
- CWE(s)