CVE-2015-2525

Microsoft Windows 10 - Access Control

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2525. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit leverages a junction attack in Windows Task Scheduler to delete arbitrary files as SYSTEM by abusing the DeleteExpiredTaskAfter feature, leading to privilege escalation. The PoC demonstrates this by deleting a specified file via a PowerShell script.

Description

Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass intended filesystem restrictions and delete arbitrary files via unspecified vectors, aka "Windows Task File Deletion Elevation of Privilege Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/38200

View Code ZIP pw:eip

The exploit leverages a junction attack in Windows Task Scheduler to delete arbitrary files as SYSTEM by abusing the DeleteExpiredTaskAfter feature, leading to privilege escalation. The PoC demonstrates this by deleting a specified file via a PowerShell script.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows Task Scheduler (Windows 7, 8.1, 10)

Auth required

Prerequisites: Local user access · Ability to create junctions · PowerShell execution rights

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1222 - File and Directory Permissions Modification

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-102

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/76653

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/38200/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1033494

Scores

EPSS 0.3271

EPSS Percentile 98.1%

Details

CWE

CWE-264

Status published

Products (11)

microsoft/windows_10

microsoft/windows_7

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_rt

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

... and 1 more

Published Sep 09, 2015

Tracked Since Feb 18, 2026