CVE-2025-29975

Published May 13, 2025

Last updated 10 months ago

CVSS high 7.8

Overview

Description
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
pc_manager

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-59

Social media

Hype score
Not currently trending

  1. CVE-2025-29975 Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. https://t.co/hpABi7OyeY

    @CVEnew

    13 May 2025

    154 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.CVE-2025-49728
  2. Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.CVE-2025-49738
  3. Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 was discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to a privilege escalation.CVE-2025-46014
  4. Microsoft PC Manager Elevation of Privilege VulnerabilityCVE-2025-21322
  5. Microsoft PC Manager Elevation of Privilege VulnerabilityCVE-2024-49051

References

Sources include official advisories and independent security research.