CVE-2025-59241 — Link Following in Microsoft Windows 11 Version 24h2

CWE-59 — Link Following5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 78.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 11 Version 24h2 Microsoft Windows 11 Version 25h2 Microsoft Windows 11 24h2 +1 more

Timeline

PublishedOct 14

Description

Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDmicrosoft/windows_11_24h2< 10.0.26100.6899

▶NVDmicrosoft/windows_11_25h2< 10.0.26200.6899

▶CVEListV5microsoft/windows_11_version_24h210.0.26100.0 — 10.0.26100.6899

▶CVEListV5microsoft/windows_11_version_25h210.0.26200.0 — 10.0.26200.6899

🔴Vulnerability Details

CVEList

Windows Health and Optimized Experiences Elevation of Privilege Vulnerability↗2025-10-14

▶

GHSA

GHSA-4f37-vrhf-j285: Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to el↗2025-10-14

▶

📋Vendor Advisories

Microsoft

Windows Health and Optimized Experiences Elevation of Privilege Vulnerability↗2025-10-14

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws↗2025-10-14

▶