PT-2025-15551 · Microsoft · Windows Installer+1

Sim0Nsecurity

·

Publicado

2025-04-08

·

Atualizado

2025-04-16

·

CVE-2025-27727

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Windows Installer (affected versions not specified)
Description: The issue is related to improper link resolution before file access, also known as 'link following', in Windows Installer. This allows an authorized attacker to elevate privileges locally.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

RCE

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

BDU:2025-04244
CVE-2025-27727

Produtos afetados

Windows
Windows Installer