cbcvebase.
CVE-2025-48799
published 2025-07-08

CVE-2025-48799: Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.

Affected

34 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows_10_1607< 10.0.14393.824610.0.14393.8246
microsoftwindows_10_1809< 10.0.17763.755810.0.17763.7558
microsoftwindows_10_21h2< 10.0.19044.609310.0.19044.6093
microsoftwindows_10_22h2< 10.0.19045.609310.0.19045.6093
microsoftwindows_10_version_1607>= 10.0.14393.0 < 10.0.14393.824610.0.14393.8246
microsoftwindows_10_version_1809>= 10.0.17763.0 < 10.0.17763.755810.0.17763.7558
microsoftwindows_10_version_21h2>= 10.0.19044.0 < 10.0.19044.609310.0.19044.6093
microsoftwindows_10_version_22h2>= 10.0.19045.0 < 10.0.19045.609310.0.19045.6093
microsoftwindows_11_22h2< 10.0.22621.562410.0.22621.5624
microsoftwindows_11_23h2< 10.0.22631.562410.0.22631.5624
microsoftwindows_11_24h2< 10.0.26100.465210.0.26100.4652
microsoftwindows_11_version_22h2>= 10.0.22621.0 < 10.0.22621.562410.0.22621.5624
microsoftwindows_11_version_22h3>= 10.0.22631.0 < 10.0.22631.562410.0.22631.5624
microsoftwindows_11_version_23h2>= 10.0.22631.0 < 10.0.22631.562410.0.22631.5624
microsoftwindows_11_version_24h2>= 10.0.26100.0 < 10.0.26100.465210.0.26100.4652
microsoftwindows_server_2025< 10.0.26100.465210.0.26100.4652
microsoftwindows_server_2025>= 10.0.26100.0 < 10.0.26100.465210.0.26100.4652
msrcwindows_10_version_1607_for_32-bit_systems
msrcwindows_10_version_1607_for_x64-based_systems
msrcwindows_10_version_1809_for_32-bit_systems
msrcwindows_10_version_1809_for_x64-based_systems
msrcwindows_10_version_21h2_for_32-bit_systems
msrcwindows_10_version_21h2_for_arm64-based_systems
msrcwindows_10_version_21h2_for_x64-based_systems
msrcwindows_10_version_22h2_for_32-bit_systems