CVE-2021-25261: 
Yandex Browser vulnerability analysis and mitigation

Local privilege vulnerability in Yandex Browser for Windows prior to version 22.5.0.862 allows a local, low privileged attacker to execute arbitrary code with SYSTEM privileges. The vulnerability was discovered through manipulating symlinks to installation files during the Yandex Browser update process (NVD, Yandex BugBounty).

The vulnerability is tracked as CVE-2021-25261 and has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-59 (Improper Link Resolution Before File Access), indicating the core issue relates to insecure handling of symlinks during file operations (NVD).

The vulnerability allows an attacker with low privileges to escalate to SYSTEM level privileges, potentially gaining complete control over the affected system. This enables the attacker to execute arbitrary code with the highest system privileges, potentially compromising the entire system security (NVD).

The vulnerability has been fixed in Yandex Browser version 22.5.0.862. Users should update to this version or later to mitigate the risk. No alternative workarounds have been publicly documented (Yandex BugBounty).