CVE-2025-21391
Published: 11 February 2025
Summary
CVE-2025-21391 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 10.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-21391 is an elevation-of-privilege vulnerability in the Windows Storage component. It carries a CVSS 3.1 base score of 7.1 and is associated with CWE-59 (improper link resolution before file access). The flaw permits an attacker to manipulate storage-related operations on an affected Windows system.
A local attacker with low privileges can exploit the issue without user interaction. Successful exploitation allows the attacker to elevate privileges and achieve high impact on system integrity and availability while leaving confidentiality unaffected.
Microsoft has published remediation guidance in its Security Response Center update guide, and the vulnerability appears in CISA’s catalog of known exploited vulnerabilities, confirming active exploitation in the wild. The associated EPSS score remains low, with a current value of 0.0507 and a peak of 0.0558.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2452
Vulnerability details
Windows Storage Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added
- 11 February 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local Windows Storage EoP vulnerability (CWE-59 link following) directly enables exploitation for privilege escalation from low-privileged local context.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely remediation of identified flaws, such as applying the Microsoft security update, directly eliminates the Windows Storage elevation of privilege vulnerability.
Vulnerability scanning identifies the presence of CVE-2025-21391 in Windows systems, enabling proactive patching before exploitation.
Enforcing least privilege restricts the actions of low-privileged local attackers, reducing the potential impact of successful privilege escalation.