A newly discovered 0-day vulnerability in Windows Storage has sent shockwaves through the cybersecurity community.
Identified as CVE-2025-21391, this critical flaw allows attackers to elevate privilege and remotely delete targeted files on a victim’s system without their interaction. Microsoft officially confirmed the issue on February 11, 2025.
According to the advisory, this vulnerability stems from a weakness categorized under CWE-59: Improper Link Resolution Before File Access (‘Link Following’).
.png
)
If exploited successfully, threat actors with low-level privileges may elevate their access and compromise the integrity and availability of the system, deleting critical files remotely.
Technical Analysis
The vulnerability has been assigned a severity rating of Important with a CVSS v3.1 score of 7.1, indicating a high impact on Integrity (I: High) and Availability (A: High).
Exploitation requires local access but is marked by low attack complexity and does not require user interaction.
The exploit has been labeled “functional,” meaning attackers are actively leveraging this flaw in real-world scenarios.
Key Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
Exploit Status and Impact
Microsoft confirmed that this vulnerability is being actively exploited in the wild, making it a pressing concern for individuals and organizations using affected versions of Windows.
While specific details of exploited cases remain undisclosed, it is evident that attackers are leveraging this vulnerability to delete or manipulate sensitive files, potentially leading to system downtime or data loss.
The exploitability of the vulnerability is heightened due to the improper resolution of symbolic links, which can be manipulated by attackers to gain unauthorized access.
The scope remains “unchanged,” signifying that the vulnerability does not impact additional components beyond the targeted system.
As of the time of publication, Microsoft has issued an official fix as part of their latest Patch Tuesday, February 2025 updates. All users and organizations are strongly encouraged to apply the latest security patches provided by Microsoft to mitigate the risk.
- Prompt Updates: Ensure all critical and security updates for Windows are applied immediately.
- Privilege Restriction: Limit user privileges to the minimum required for their roles.
- File System Monitoring: Enable visibility into file modifications or deletions.
The discovery of CVE-2025-21391 highlights the growing threat of 0-day vulnerabilities targeting critical operating system components.
With active exploitation already underway, swift action is essential to safeguard sensitive data and ensure system stability.
Microsoft and Mitre are continuing to monitor the situation and encourage users to stay informed and up-to-date on future developments.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
