CVE-2025-21322: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Microsoft PC Manager
Microsoft PC Manager Elevation of Privilege Vulnerability
AI Analysis
Technical Summary
CVE-2025-21322 is an elevation of privilege vulnerability identified in Microsoft PC Manager version 1.0.0, classified under CWE-59, which involves improper link resolution before file access, commonly known as 'link following'. This vulnerability allows an attacker with limited privileges (PR:L) on a local system to exploit the way the software resolves symbolic or hard links before accessing files, potentially redirecting file operations to unintended locations. This can lead to unauthorized access or modification of sensitive files, resulting in full compromise of confidentiality, integrity, and availability of the system. The CVSS 3.1 base score is 7.8, reflecting high severity due to high impact on all security properties and relatively low attack complexity (AC:L). The attack does not require user interaction (UI:N) but does require local access and some privileges. The scope is unchanged (S:U), meaning the vulnerability affects the same security authority as the vulnerable component. No known exploits have been reported in the wild, and no patches have been published at the time of disclosure. The vulnerability was reserved in December 2024 and published in February 2025. Microsoft PC Manager is a system management tool, and exploitation could allow attackers to elevate privileges and execute arbitrary code or manipulate system files, potentially leading to broader system compromise.
Potential Impact
For European organizations, this vulnerability poses a significant risk especially in environments where Microsoft PC Manager 1.0.0 is deployed. Successful exploitation could allow attackers with limited local access to escalate privileges, bypassing security controls and gaining administrative capabilities. This could lead to unauthorized data access, system configuration changes, installation of persistent malware, or disruption of critical services. Organizations with sensitive data or critical infrastructure managed via Microsoft PC Manager could face data breaches, operational downtime, or compliance violations under GDPR. The lack of available patches increases the window of exposure, and internal threat actors or attackers who gain initial footholds through phishing or other means could leverage this vulnerability for lateral movement. The impact is particularly severe in sectors such as finance, healthcare, and government where data integrity and availability are paramount.
Mitigation Recommendations
To mitigate this vulnerability, organizations should first restrict local access to systems running Microsoft PC Manager, ensuring only trusted users have login privileges. Implement strict file system permissions and monitor for unusual symbolic link creation or file access patterns indicative of exploitation attempts. Employ application whitelisting and endpoint detection and response (EDR) solutions to detect anomalous behavior related to privilege escalation. Network segmentation can limit the spread of an attacker who gains elevated privileges. Since no patch is currently available, organizations should prepare to deploy updates immediately upon release from Microsoft. Additionally, conduct internal audits to identify all instances of Microsoft PC Manager 1.0.0 and consider temporary removal or replacement with alternative tools if feasible. User education on the risks of local credential compromise and enforcing least privilege principles will further reduce risk.
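One way to act on the recommendation to watch for unusual link creation is a periodic audit of directories that standard users can write to and that privileged tools operate on. The sketch below is an added example, not vendor tooling; the directory to audit is an assumption supplied by the caller, since this analysis does not name the paths PC Manager uses, and `audit_links` and `build_sample_tree` are hypothetical names.

```python
import os
import stat


def audit_links(root):
    """List links under root that could redirect a privileged file operation."""
    root_real = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat inspects the link itself, not its target
            # st_file_attributes exists on Windows only; junctions show up here.
            attrs = getattr(st, "st_file_attributes", 0)
            if stat.S_ISLNK(st.st_mode) or attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT:
                target = os.path.realpath(path)
                try:
                    inside = os.path.commonpath([root_real, target]) == root_real
                except ValueError:  # e.g. different drives on Windows
                    inside = False
                kind = "link-inside-root" if inside else "link-escapes-root"
                findings.append((kind, path, target))
            elif stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                # More than one name for the same file: review, may be benign.
                findings.append(("hardlinked-file", path, None))
    return findings


def build_sample_tree(base):
    """Constructed sample: a work directory with one symlink and one hard link."""
    work = os.path.join(base, "work")
    outside = os.path.join(base, "protected")
    os.makedirs(work)
    os.makedirs(outside)
    with open(os.path.join(work, "report.log"), "w") as fh:
        fh.write("constructed sample\n")
    os.symlink(outside, os.path.join(work, "cache"))
    os.link(os.path.join(work, "report.log"), os.path.join(work, "report.bak"))
    return work
```

Entries reported as `link-escapes-root` deserve the first look, because a file operation performed through them lands outside the audited directory.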
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: microsoft
- Date Reserved: 2024-12-11T00:29:48.348Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69432efe058703ef3fc97fee
Added to database: 12/17/2025, 10:30:22 PM
Last enriched: 2/14/2026, 8:42:42 AM
Last updated: 3/23/2026, 7:01:12 PM