CVE-2025-21204: 
vulnerability analysis and mitigation

CVE-2025-21204 is a security vulnerability discovered in the Windows Update Stack that was disclosed on April 8, 2025. The vulnerability involves improper link resolution before file access (link following) that affects Windows systems. This vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability is classified as CWE-59 (Improper Link Resolution Before File Access) and requires local access to exploit. The vulnerability exists in the Windows Update Stack component and involves improper handling of link resolution before file access operations. The attack requires low privileges and no user interaction, while potentially providing high impacts to confidentiality, integrity, and availability (NVD, MSRC).

If successfully exploited, this vulnerability allows an authorized attacker to elevate privileges locally on affected Windows systems. The high CVSS score of 7.8 indicates significant potential impact on system security, with possible compromise of confidentiality, integrity, and availability (NVD).

Microsoft has released security updates to address this vulnerability as part of the April 2025 Patch Tuesday updates. The fix includes the creation of a new %systemdrive%\inetpub folder that should not be deleted regardless of whether Internet Information Services (IIS) is enabled on the target device (Microsoft Support).