CVE-2025-21204

Published Apr 8, 2025

Last updated 11 days ago

CVSS high 7.8
Windows Update Stack

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-21204 is a vulnerability in the Windows Update Stack. It stems from improper link resolution before file access, specifically a flaw known as "link following." This vulnerability allows an authorized attacker to elevate their privileges locally on a system.

Description: Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
Source: secure@microsoft.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-59

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1

  1. ⚡UPDATES! April 16 #ViaMonstraOfficeHours featuring Andrew Johnson 💻 Some devices being offered a Windows 11 upgrade, TLS Certificates reduced to 47 days, vulnerability - CVE-2025-21204, and more! #ViaMonstraAcademy UPDATES 4.16.25 ➡️ https://t.co/Ewpvf8T9mh https://t.co/hRyd7w

    @Mirolus_LLC

    18 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚡UPDATES! April 16 #ViaMonstraOfficeHours featuring Andrew Johnson 💻 Some devices being offered a Windows 11 upgrade, TLS Certificates reduced to 47 days, vulnerability - CVE-2025-21204, and more! #ViaMonstraAcademy Full Office Hours 4.16.25 ➡️ https://t.co/AFoUWRIvXa https://t

    @viamonstra

    18 Apr 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [1day1line] CVE-2025-21204: Privilege Escalation via Improper Link Following in the Windows Update Stack https://t.co/DHJN12WrCj Today’s 1day1line covers a privilege escalation vulnerability found in the Windows Update Stack. Without any memory corruption, the escalation was

    @hackyboiz

    17 Apr 2025

    2190 Impressions

    19 Retweets

    60 Likes

    18 Bookmarks

    0 Replies

    0 Quotes

  4. Noticed a strange “C:\inetpub” folder after the April 2025 Windows (Patch Tuesday) updates? Don’t panic—it’s not a virus. It’s part of a critical security fix (CVE-2025-21204) that protects your system. Microsoft says to leave it, even if you don’t use IIS. #Security #CVE2025

    @SentrixShield

    16 Apr 2025

    23 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. No no no it's not some "bug" guys, It's how Microsoft patched CVE-2025-21204. lmaooo https://t.co/4oeMc85kNy

    @RealBigManBonk

    16 Apr 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

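  6. About the empty inetpub folder created under the C drive by the latest regular Windows update. It is a mitigation for the Windows Process Activation elevation of privilege vulnerability CVE-2025-21204, so do not delete it even if you do not use IIS. https://t.co/JaCFKHaJI9 If you have deleted it, enable IIS from Programs and Features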

    @__kokumoto

    15 Apr 2025

    3721 Impressions

    24 Retweets

    50 Likes

    15 Bookmarks

    1 Reply

    1 Quote

  7. Wondering why a new 'inetpub' folder appeared after the latest Windows update? 🧐 It’s not just for IIS. Microsoft added it as a security measure against CVE-2025-21204. Don’t delete it. Here's why: https://t.co/xoBvTHF0Bu #WindowsUpdate #InfoSec #CyberSecurity

    @threatsbank

    15 Apr 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. After the latest #Windows update in April, a mysterious "inetpub" folder appears. #Microsoft warns: do not delete it! It protects against a critical security vulnerability (CVE-2025-21204). Learn more, and what to do if it is gone: https://t.co/bAn5ziq9n7 https://t.co/qlay

    @JanSiefken

    15 Apr 2025

    6 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. This CVE-2025-21204 is interesting, first is what would happen if a privileged user creates an "inetpub" and here is Microsoft's new ACLs. They are preventing people writing and deleting files from the Inetpub folder which are being used for SYSTEM / NETWORK SERVICE accounts. ht

    @hackerfantastic

    14 Apr 2025

    3566 Impressions

    16 Retweets

    41 Likes

    15 Bookmarks

    1 Reply

    0 Quotes

  10. No, don’t delete that new inetpub folder. It’s part of Microsoft’s fix for CVE-2025-21204, a local privilege escalation flaw. ✅ It’s harmless ✅ It’s for protection ❌ It’s not just for IIS Leave it. It’s watching your back. 🔒 https://t.co/SjS8oHRHlk

    @CareWeDoNot

    14 Apr 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Microsoft put C:\inetpub junk there for a reason 🫠 CVE-2025-21204 #greatfix https://t.co/VlVgTdS9mD

    @sixtyvividtails

    14 Apr 2025

    16441 Impressions

    26 Retweets

    298 Likes

    76 Bookmarks

    3 Replies

    0 Quotes

  12. Microsoft confirms the unexpected “inetpub” folder created after the April 2025 update is not a bug. It’s tied to a security patch (CVE-2025-21204) meant to protect system files from malicious attacks. #Windows11 #Microsoft #CyberSecurity #WindowsUpdate #CVE2025 #SystemSecurity h

    @geniuspulse360

    13 Apr 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 Windows users — don’t delete the C:\inetpub folder! After the April 2025 patch, Microsoft confirmed it's created even without IIS installed. ✅ It’s part of a security fix for CVE-2025-21204 🛑 Deleting it may interfere with system protection 🔗 https://t.co/ZYCx4HtprM http

    @nizarhammadi81

    12 Apr 2025

    221 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  14. If you see a new `inetpub` folder on your Windows 11 after the April 2025 update, don't worry. It's part of a security patch for CVE-2025-21204 and should not be deleted. #Windows11 #Microsoft #SecurityUpdate https://t.co/XYkCu5vELR

    @ApkZillaDaily

    11 Apr 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. April 2025 Windows update creates an empty "inetpub" folder (even without IIS). Microsoft warns: do not delete it. It increases protection related to CVE-2025-21204. https://t.co/FrMpnhw4Gp

    @Jfreeg_

    11 Apr 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. New Windows update creates an empty "inetpub" folder? 📁 Microsoft warns: DO NOT DELETE! It's part of a security update (CVE-2025-21204) to prevent privilege escalation. 🤔 Learn more to stay secure! #WindowsUpdate #Cybersecurity #InfoSec https://t.co/DzSo1YXUku

    @fernandokarl

    11 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Oh, so you're not supposed to delete the inetpub folder created by applying the patch / CVE-2025-21204 - Security Update Guide - Microsoft - Windows Process Activation Elevation of Privilege Vulnerability https://t.co/kPUU09EZFb

    @_jackson

    11 Apr 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 CVE-2025-21204 🔴 HIGH (7.8) 🏢 Microsoft - Windows Server 2025 🏗️ 10.0.26100.0 🔗 https://t.co/rfILlo6ofV #CyberCron #VulnAlert #InfoSec https://t.co/bI5e0B4WxA

    @cybercronai

    9 Apr 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-21204 Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally. https://t.co/bHL4lAPB6o

    @CVEnew

    9 Apr 2025

    104 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes