CVE-2025-21373: 
vulnerability analysis and mitigation

Windows Installer Elevation of Privilege Vulnerability, identified as CVE-2025-21373, was disclosed on February 11, 2025. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server editions (NVD, Microsoft Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates a local attack vector, low attack complexity, low privileges required, no user interaction needed, and high impact on confidentiality, integrity, and availability. The vulnerability is associated with CWE-59 (Improper Link Resolution Before File Access) (NVD).

The vulnerability poses significant risks as it could allow an attacker to gain elevated privileges on affected systems. With a CVSS score of 7.8, it demonstrates high potential impact across confidentiality, integrity, and availability of the affected systems (AttackerKB).

Microsoft has released security updates to address this vulnerability across affected Windows versions. Users are advised to apply the latest security updates through Windows Update or Microsoft Update Catalog (Microsoft Advisory).