CVE-2025-29975 is a high-severity local privilege escalation vulnerability affecting Microsoft PC Manager version 1.0.0. The root cause is an improper link resolution before file access, also known as 'link following', classified under CWE-59. This vulnerability allows an authorized attacker with limited privileges on the affected system to exploit the way Microsoft PC Manager resolves symbolic links or shortcuts before accessing files. Improper handling can lead to the attacker tricking the application into accessing or modifying unintended files or directories, thereby escalating their privileges. The vulnerability does not require user interaction and can be exploited with low attack complexity, but it does require the attacker to have some level of local access (low privileges). The CVSS 3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, as successful exploitation could allow the attacker to gain elevated privileges, potentially leading to full system compromise. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may rely on vendor updates once available. The vulnerability was reserved in March 2025 and published in May 2025, indicating recent discovery and disclosure.

For European organizations, this vulnerability poses a significant risk especially in environments where Microsoft PC Manager 1.0.0 is deployed. Since the vulnerability allows local privilege escalation, an attacker who gains initial access with limited rights—such as through phishing, insider threat, or compromised credentials—could leverage this flaw to gain administrative control over affected systems. This could lead to unauthorized access to sensitive data, disruption of critical services, and the ability to deploy further malware or ransomware. The high impact on confidentiality, integrity, and availability means that critical infrastructure, financial institutions, healthcare providers, and government agencies in Europe could face severe operational and reputational damage if exploited. Additionally, the lack of a patch at the time of disclosure means organizations must rely on interim mitigations, increasing exposure. The threat is particularly relevant in environments with shared workstations or where endpoint management tools like Microsoft PC Manager are widely used.

Given the absence of an official patch, European organizations should implement specific mitigations to reduce risk. First, restrict local user permissions strictly to the minimum necessary to limit the pool of users who can exploit this vulnerability. Employ application whitelisting and endpoint protection solutions to monitor and block suspicious local activities related to file system access and symbolic link manipulation. Conduct thorough audits of systems running Microsoft PC Manager 1.0.0 to identify and isolate vulnerable endpoints. Use group policies or endpoint management tools to disable or limit the use of Microsoft PC Manager where feasible until a patch is available. Monitor system logs for unusual file access patterns or privilege escalation attempts. Educate users about the risks of local privilege escalation and enforce strong authentication and session management to prevent unauthorized local access. Once Microsoft releases a patch, prioritize its deployment across all affected systems. Additionally, consider network segmentation to limit lateral movement if an endpoint is compromised.