CVE-2025-59510Link Following in Microsoft Windows 10 Version 1607

CWE-59Link Following4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 85.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
22
Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809Microsoft Windows 10 Version 21h2+19 more
Timeline
PublishedNov 11

Description

Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages21 packages

NVDmicrosoft/windows< 10.0.14393.8594+5
NVDmicrosoft/windows_10_1607< 10.0.14393.8594
NVDmicrosoft/windows_10_1809< 10.0.17763.8027
NVDmicrosoft/windows_10_21h2< 10.0.19044.6575
NVDmicrosoft/windows_10_22h2< 10.0.19045.6575

🔴Vulnerability Details

2
CVEList
Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability2025-11-11
GHSA
GHSA-x393-p346-vj6x: Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to de2025-11-11

📋Vendor Advisories

1
Microsoft
Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability2025-11-11
CVE-2025-59510 — Link Following in Microsoft | cvebase