CVE-2025-21204

Published Apr 8, 2025

Last updated 8 months ago

CVSS high 7.8
Windows Update Stack

Overview

Description
Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-59

Social media

Hype score
Not currently trending
  1. Found it @theJoshMeister CVE-2025-21204, a local privilege escalation vulnerability in the Windows Update Stack.

    @Parkway_Pro_

    27 Jan 2026

    143 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  2. Microsoft has issued a warning for Windows 11 users to restore the "inetpub" folder if they mistakenly removed it. This empty folder, which can be easily deleted with admin permission, is required to patch a critical issue in Windows 11 (CVE-2025-21204). via @WindowsLatest

    @upgradeoptions

    11 Jun 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #exploit #Kernel_Security 1. CVE-2025-21204: Abusing the Windows Update Stack to Gain SYSTEM Access https://t.co/8ylvL8ufqu 2. Bypassing MTE with CVE-2025-0072 (Arm Mali GPU kernel code execution) https://t.co/u4Kkub9Wv3 ]-> PoC: https://t.co/LAOp98tvWr

    @ksg93rd

    10 Jun 2025

    2042 Impressions

    21 Retweets

    44 Likes

    26 Bookmarks

    0 Replies

    0 Quotes

  4. Microsoft has issued a warning for Windows 11 users to restore the "inetpub" folder if they mistakenly removed it. This empty folder, which can be easily deleted with admin permission, is required to patch a critical issue in Windows 11 (CVE-2025-21204). via @WindowsLatest

    @upgradeoptions

    9 Jun 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. I posted an article! A prescription for those of you who deleted the inetpub folder that was created by the fix for CVE-2025-21204 ~2025-06-09 edition~ [Windows] on #Qiita https://t.co/RsPbTQZ843

    @yumetodo

    9 Jun 2025

    51 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Microsoft releases a script to restore the inetpub folder, which should not be deleted (CVE-2025-21204) https://t.co/dtZaKNZseO #Security #セキュリティ #ニュース

    @SecureShield_

    7 Jun 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Microsoft's April 2025 update creates 'inetpub' to fix a serious vulnerability. Deleting it risks security; a PowerShell script is now available to restore and set proper permissions. 🔒 #CVE-2025-21204 #Windows #US https://t.co/XXHCwepj6Z

    @TweetThreatNews

    6 Jun 2025

    100 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🦹🐿️ Villain of the Week - Evil Squirrel Lady! 🐿️🦹 A critical vulnerability, CVE-2025-21204, affects the Windows Update Servicing Stack, allowing local attackers to gain elevated privileges by exploiting improper access control tied to the C:\inetpub directory.

    @vicariusltd

    28 May 2025

    99 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. INETPUB - ⚠️ do not delete this directory. • The directory is empty. • It was created by Windows Update. • Its purpose is to protect your system. • This happened in the last month. • You can find more information by searching for CVE-2025-21204. Let me know whether you noticed it

    @KacperSzurek

    6 May 2025

    5912 Impressions

    1 Retweet

    49 Likes

    14 Bookmarks

    12 Replies

    0 Quotes

  10. Windows Update process vulnerability CVE-2025-21204: PoC for SYSTEM takeover made available https://t.co/8YKDVFIO7W A new vulnerability discovered in the Windows Update process evades detection by EDR and AMSI without involving code injection

    @iototsecnews

    6 May 2025

    134 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  11. Missed in April's Patch Tuesday: CVE-2025-21204, a Windows Update Stack EoP. @ElliShlomo released an exploit on Apr 14, but pulled it days later. Then the fix itself got flagged: it lets non-admins break Windows Updates. MS? No plans to fix. 😬 ➡️ https://t.co/4YHD0MkoAy ht

    @leonov_av

    29 Apr 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Microsoft has applied the necessary patch for the vulnerability with identifier CVE-2025-21204. This vulnerability relates to the servicing stack in Windows, which allows hackers to abuse sy

    @AmirHossein_sec

    27 Apr 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. #CVE-2025-21204 https://t.co/lHJPwtbuie

    @BlckC0d3

    27 Apr 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🔒 Surprise! That empty "inetpub" folder on Windows 11 after the April 2025 update isn't a glitch—it's a security upgrade! Microsoft’s got your back against CVE-2025-21204. Who knew empty could be so secure? #WindowsForum #Windows11 #SecurityUpgrade https://t.co/cGWvJ3b97l

    @windowsforum

    27 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. ⚠️ Windows update bug (CVE-2025-21204) creates "inetpub" folder, enabling LPE! Attackers exploit it. Secure your systems! 🛡️ #WindowsSecurity #Cybersecurity #PatchNow https://t.co/TfAMrC9wLi

    @CyberWolfGuard

    26 Apr 2025

    53 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 📣This week's cybersecurity highlights... out now! Everything you need to know this week in one place 👇 🔵 Microsoft's fix for CVE-2025-21204 triggers another vulnerability 🔵 TAG-124: Malicious infrastructure to propagate malware https://t.co/WTJvdGGuj7

    @TefTech_EN

    25 Apr 2025

    226 Impressions

    3 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. A new vulnerability for the Windows Update Stack with identifier CVE-2025-21204 has been published. The vulnerability gives hackers the ability to execute code and escalate privileges to the system user. Using a fake update package or a mitm attack, this vulnerability can be exploited. https://t.co/Poz3aKY03t h

    @AmirHossein_sec

    25 Apr 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Windows Update Created a New Security Vulnerability While Closing a Flaw (CVE-2025-21204) https://t.co/21EXXWVspE https://t.co/vYULOZNyow

    @cozumpark

    23 Apr 2025

    305 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Microsoft update (Apr 2025) automatically creates an empty inetpub folder, even if IIS is not in use. Do not delete! It is part of a security measure (CVE-2025-21204). https://t.co/hMVl3ZKyy4

    @WilhelmKlenner

    22 Apr 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2025-21204: SYSTEM-Level Privilege Escalation in Windows Update Stack Exposed, PoC Released About the c:\inetpub … https://t.co/Kqr4KIVauA

    @samilaiho

    22 Apr 2025

    2633 Impressions

    13 Retweets

    37 Likes

    16 Bookmarks

    1 Reply

    0 Quotes

  21. CVE-2025-21204: SYSTEM-Level Privilege Escalation in Windows Update Stack Exposed, PoC Released About the c:\inetpub … https://t.co/Kqr4KIVauA

    @samilaiho

    22 Apr 2025

    1652 Impressions

    7 Retweets

    23 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

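  22. A vulnerability in the Windows Update Stack (CVE-2025-21204) makes it possible to obtain SYSTEM privileges by abusing NTFS junctions. A researcher has published a PoC. Microsoft pre-creates C:\inetpub in the April update to prevent the attack. Do not delete this folder. https://t.co/Jg9AeVlXJD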

    @01ra66it

    22 Apr 2025

    2534 Impressions

    22 Retweets

    52 Likes

    23 Bookmarks

    0 Replies

    0 Quotes

  23. Security researcher Elli Shlomo published the technical details and a proof-of-concept exploit code for CVE-2025-21204, a severe local privilege escalation flaw within the Windows Update Stack https://t.co/2p4ZR9l9bd

    @the_yellow_fall

    22 Apr 2025

    572 Impressions

    9 Retweets

    16 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  24. Windows 11 users: Notice a new “inetpub” folder? Don’t delete it—it’s part of a security fix (CVE-2025-21204) from the latest Patch Tuesday. If you already deleted it, restore it by enabling "Internet Information Services" in Windows Features. https://t.co/8ns8xuWK63 https://t.c

    @arbuonanno

    21 Apr 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. ⚡UPDATES! April 16 #ViaMonstraOfficeHours featuring Andrew Johnson 💻 Some devices being offered a Windows 11 upgrade, TLS Certificates reduced to 47 days, vulnerability - CVE-2025-21204, and more! #ViaMonstraAcademy UPDATES 4.16.25 ➡️ https://t.co/Ewpvf8T9mh https://t.co/hRyd7w

    @Mirolus_LLC

    18 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. ⚡UPDATES! April 16 #ViaMonstraOfficeHours featuring Andrew Johnson 💻 Some devices being offered a Windows 11 upgrade, TLS Certificates reduced to 47 days, vulnerability - CVE-2025-21204, and more! #ViaMonstraAcademy Full Office Hours 4.16.25 ➡️ https://t.co/AFoUWRIvXa https://t

    @viamonstra

    18 Apr 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. [1day1line] CVE-2025-21204: Privilege Escalation via Improper Link Following in the Windows Update Stack https://t.co/DHJN12WrCj Today’s 1day1line covers a privilege escalation vulnerability found in the Windows Update Stack. Without any memory corruption, the escalation was

    @hackyboiz

    17 Apr 2025

    2190 Impressions

    19 Retweets

    60 Likes

    18 Bookmarks

    0 Replies

    0 Quotes

  28. Noticed a strange “C:\inetpub” folder after the April 2025 Windows (Patch Tuesday) updates? Don’t panic—it’s not a virus. It’s part of a critical security fix (CVE-2025-21204) that protects your system. Microsoft says to leave it, even if you don’t use IIS. #Security #CVE2025

    @SentrixShield

    16 Apr 2025

    23 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. No no no it's not some "bug" guys, It's how Microsoft patched CVE-2025-21204. lmaooo https://t.co/4oeMc85kNy

    @RealBigManBonk

    16 Apr 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

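  30. About the empty inetpub folder created under the C drive by the latest regular Windows update. It is a mitigation for CVE-2025-21204, the Windows Process Activation elevation of privilege vulnerability, so do not delete it even if you are not using IIS. https://t.co/JaCFKHaJI9 If you have deleted it, enable IIS from Programs and Features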

    @__kokumoto

    15 Apr 2025

    3721 Impressions

    24 Retweets

    50 Likes

    15 Bookmarks

    1 Reply

    1 Quote

  31. Wondering why a new 'inetpub' folder appeared after the latest Windows update? 🧐 It’s not just for IIS. Microsoft added it as a security measure against CVE-2025-21204. Don’t delete it. Here's why: https://t.co/xoBvTHF0Bu #WindowsUpdate #InfoSec #CyberSecurity

    @threatsbank

    15 Apr 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. After the latest #Windows update in April, a mysterious "inetpub" folder appears. #Microsoft warns: do not delete it! It protects against a critical security vulnerability (CVE-2025-21204). Learn more and what to do if it is gone: https://t.co/bAn5ziq9n7 https://t.co/qlay

    @JanSiefken

    15 Apr 2025

    6 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. This CVE-2025-21204 is interesting, first is what would happen if a privileged user creates an "inetpub" and here is Microsoft's new ACL's. They are preventing people writing and deleting files from the Inetpub folder which are being used for SYSTEM / NETWORK SERVICE accounts. ht

    @hackerfantastic

    14 Apr 2025

    3566 Impressions

    16 Retweets

    41 Likes

    15 Bookmarks

    1 Reply

    0 Quotes

  34. No, don’t delete that new inetpub folder. It’s part of Microsoft’s fix for CVE-2025-21204, a local privilege escalation flaw. ✅ It’s harmless ✅ It’s for protection ❌ It’s not just for IIS Leave it. It’s watching your back. 🔒 https://t.co/SjS8oHRHlk

    @CareWeDoNot

    14 Apr 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Microsoft put C:\inetpub junk there for a reason 🫠 CVE-2025-21204 #greatfix https://t.co/VlVgTdS9mD

    @sixtyvividtails

    14 Apr 2025

    16441 Impressions

    26 Retweets

    298 Likes

    76 Bookmarks

    3 Replies

    0 Quotes

  36. Microsoft confirms the unexpected “inetpub” folder created after the April 2025 update is not a bug. It’s tied to a security patch (CVE-2025-21204) meant to protect system files from malicious attacks. #Windows11 #Microsoft #CyberSecurity #WindowsUpdate #CVE2025 #SystemSecurity h

    @geniuspulse360

    13 Apr 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🚨 Windows users — don’t delete the C:\inetpub folder! After the April 2025 patch, Microsoft confirmed it's created even without IIS installed. ✅ It’s part of a security fix for CVE-2025-21204 🛑 Deleting it may interfere with system protection 🔗 https://t.co/ZYCx4HtprM http

    @nizarhammadi81

    12 Apr 2025

    221 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  38. If you see a new `inetpub` folder on your Windows 11 after the April 2025 update, don't worry. It's part of a security patch for CVE-2025-21204 and should not be deleted. #Windows11 #Microsoft #SecurityUpdate https://t.co/XYkCu5vELR

    @ApkZillaDaily

    11 Apr 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. April 2025 Windows update creates an empty "inetpub" folder (even without IIS). Microsoft warns: do not delete it. It increases protection related to CVE-2025-21204. https://t.co/FrMpnhw4Gp

    @Jfreeg_

    11 Apr 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. New Windows update creates an empty "inetpub" folder? 📁 Microsoft warns: DO NOT DELETE! It's part of a security update (CVE-2025-21204) to prevent privilege escalation. 🤔 Learn more to stay secure! #WindowsUpdate #Cybersecurity #InfoSec https://t.co/DzSo1YXUku

    @fernandokarl

    11 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Oh, so you are not supposed to delete the inetpub folder created when the patch is applied / CVE-2025-21204 - Security Update Guide - Microsoft - Windows Process Activation Elevation of Privilege Vulnerability https://t.co/kPUU09EZFb

    @_jackson

    11 Apr 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. 🚨 CVE-2025-21204 🔴 HIGH (7.8) 🏢 Microsoft - Windows Server 2025 🏗️ 10.0.26100.0 🔗 https://t.co/rfILlo6ofV #CyberCron #VulnAlert #InfoSec https://t.co/bI5e0B4WxA

    @cybercronai

    9 Apr 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. CVE-2025-21204 Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally. https://t.co/bHL4lAPB6o

    @CVEnew

    9 Apr 2025

    104 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations