CVE-2025-21373
Published: 11 February 2025
Summary
CVE-2025-21373 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 37.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2025-21373 is a Windows Installer Elevation of Privilege Vulnerability affecting the Windows Installer component in Microsoft Windows operating systems. Published on 2025-02-11, it carries a CVSS v3.1 base score of 7.8 (High), with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is associated with CWE-59 (Improper Link Resolution Before File Access) and NVD-CWE-noinfo.
A local attacker with low privileges can exploit this vulnerability through low-complexity attacks requiring no user interaction. Successful exploitation enables elevation of privileges, resulting in high impacts on confidentiality, integrity, and availability.
The Microsoft Security Response Center (MSRC) provides details on this vulnerability, including patch information and mitigation guidance, in their update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21373.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2436
Vulnerability details
Windows Installer Elevation of Privilege Vulnerability
- CWE(s): CWE-59 (Improper Link Resolution Before File Access)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploitation for Privilege Escalation (T1068)
Why these techniques?
The CVE describes a local elevation of privilege vulnerability in the Windows Installer component (CWE-59), directly enabling exploitation to gain higher privileges from a low-privileged context.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mitigates CVE-2025-21373 by requiring timely identification, reporting, and correction of the flaw in Windows Installer through patching.
- Least privilege: enforces least privilege for local low-privilege users, limiting the attack surface and the impact of elevation of privilege via Windows Installer.
- AC-3 (Access Enforcement): mandates enforcement of approved access authorizations, countering the improper link resolution before file access that enables privilege escalation.