CVE-2025-21391 · HIGH 7.1 · CISA KEV · EPSS p79.7%

CVE-2025-21391: Microsoft Windows Storage Link Following Vulnerability

Microsoft / Windows

Description

Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. An attacker could use it to delete data, including data whose deletion makes the service unavailable.

Scoring

CVSS 3.1: 7.1 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 2.14% probability of exploitation · percentile 79.7% · 2026-06-19T12:03:05Z
Published: 2025-02-11
Last modified: 2025-10-27

CISA KEV entry

Added to KEV: 2025-02-11

Underlying weaknesses · 1

CWE-59

References

  1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21391
  2. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21391

1

Type | Target | Confidence | Tier
Weakness | Improper Link Resolution Before File Access ('Link Following') (cwe-59) | 0% | live

(incoming) · 1

Type | Target | Confidence | Tier
KEVEntry | Microsoft Windows Storage Link Following Vulnerability (kev-cve-2025-21391) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Microsoft Windows Link Following Vulnerability
CVE: CVE-2026-47648
CVE: CVE-2025-21396
CVE: Microsoft Windows NTFS Privilege Escalation Vulnerability
CVE: CVE-2026-50511
CVE: CVE-2026-50512
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.