CVE-2025-21204

HIGH

Windows 10 1507-24H2 and Windows Server 2008 - Privilege Escalation via Improper Link Resolution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-21204. PoCs published by mmotti.

AI-analyzed exploit summary This PowerShell script restores the `%SYSTEMDRIVE%\inetpub` directory and applies default security permissions as a mitigation for CVE-2025-21204. It ensures proper ownership and ACLs are set, addressing a vulnerability mitigated by Windows update KB5055523.

Description

Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.

Exploits (1)

nomisec WORKING POC 3 stars
by mmotti · poc
https://github.com/mmotti/Reset-inetpub

This PowerShell script restores the `%SYSTEMDRIVE%\inetpub` directory and applies default security permissions as a mitigation for CVE-2025-21204. It ensures proper ownership and ACLs are set, addressing a vulnerability mitigated by Windows update KB5055523.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows (KB5055523)
Auth required
Prerequisites: Administrator privileges · PowerShell 5.1 or later
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.8
EPSS 0.0639
EPSS Percentile 92.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-59
Status published
Products (17)
microsoft/windows_10_1507 < 10.0.10240.20978 (2 CPE variants)
microsoft/windows_10_1607 < 10.0.14393.7969 (2 CPE variants)
microsoft/windows_10_1809 < 10.0.17763.7136 (2 CPE variants)
microsoft/windows_10_21h2 < 10.0.19044.5737
microsoft/windows_10_22h2 < 10.0.19045.5737
microsoft/windows_11_22h2 < 10.0.22621.5189
microsoft/windows_11_23h2 < 10.0.22631.5189
microsoft/windows_11_24h2 < 10.0.26100.3775
microsoft/windows_server_2008 (2 CPE variants)
microsoft/windows_server_2008 r2 sp1
... and 7 more
Published Apr 08, 2025
Tracked Since Feb 18, 2026