CVE-2025-21195 — Link Following in Microsoft Service Fabric

CWE-59 — Link Following4 documents4 sources

Severity

6.0MEDIUMNVD

EPSS

0.1%

top 70.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Service Fabric Microsoft Azure Service Fabric

Timeline

PublishedJul 8

Description

Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5microsoft/service_fabric1.0.0 — 10.1 Cumulative Update 7.0

▶NVDmicrosoft/azure_service_fabric< 10.1+1

🔴Vulnerability Details

GHSA

GHSA-6c6m-g479-h6f3: Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally↗2025-07-08

▶

CVEList

Azure Service Fabric Runtime Elevation of Privilege Vulnerability↗2025-07-08

▶

📋Vendor Advisories

Microsoft

Azure Service Fabric Runtime Elevation of Privilege Vulnerability↗2025-07-08

▶