CVE-2025-21337

Summary

CVE-2025-21337 is a newly discovered elevation of privilege vulnerability affecting Windows NTFS file systems. The flaw allows an attacker to manipulate specific NTFS file attributes, potentially granting them administrative privileges on a vulnerable system. This vulnerability could be exploited remotely, posing a significant risk to organizations and individuals using unpatched Windows installations. Exploitation may involve creating or modifying specially crafted files to trigger the privilege escalation. Microsoft has issued an advisory and a patch to mitigate this issue. It is strongly recommended that users promptly apply the patch to prevent potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.