CVE-2025-29975

High

Published: 13 May 2025

Modified: 19 May 2025
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0110 (78.4th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-29975 is a high-severity Link Following (CWE-59) vulnerability in Microsoft PC Manager. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 21.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2025-29975 is an improper link resolution before file access vulnerability, also described as a link-following issue and tracked under CWE-59. It affects Microsoft PC Manager and carries a CVSS 3.1 base score of 7.8.

An attacker who already possesses local authorized access can exploit the flaw without user interaction to perform local privilege escalation, resulting in high impact to confidentiality, integrity, and availability on the affected system.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29975 supplies official guidance on available updates and mitigation steps.

EPSS scores have remained low, with a current value of 0.0110 and a recorded peak of 0.0149.

Vulnerability details

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

CWE(s)

CWE-59

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft pc manager ≤ 3.16.1.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
