PT-2025-28533 · Microsoft · Windows Update Service
Filip Dragović +1
Published: 2024-09-03 · Updated: 2025-12-03
CVE-2025-48799
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Windows versions prior to July 8, 2025
Description
An improper link resolution before file access ("link following") vulnerability exists in the Windows Update Service. This allows an authorized attacker to elevate privileges locally. The vulnerability affects Windows 10 and Windows 11 clients with at least two hard drives. The wuauserv service is involved, and the vulnerability relates to incorrect handling of symbolic links during file access, potentially enabling arbitrary file deletion and privilege escalation.
Recommendations
Update your systems to the latest version available before July 8, 2025, to address this vulnerability.
Exploit
Fix
LPE
Link Following
Affected Products
Windows
Windows 10
Windows 11
Windows Update Service