CVE-2025-21373

Summary

CVE-2025-21373 is an elevation of privilege vulnerability affecting Windows Installer. An attacker who successfully exploits this vulnerability can gain administrative privileges on a targeted system. The vulnerability arises due to a flaw in the way Windows Installer handles certain installation processes. An attacker could potentially manipulate this process, leading to privilege escalation. This issue poses a significant risk, as administrative access grants an attacker the ability to install malware, modify system settings, and access sensitive data. Users are advised to apply the available Microsoft patch as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.