CVE-2025-29975: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Microsoft PC Manager
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
AI Analysis
Technical Summary
CVE-2025-29975 is a vulnerability identified in Microsoft PC Manager version 1.0.0, classified under CWE-59: Improper Link Resolution Before File Access ('Link Following'). This vulnerability arises when the software improperly resolves symbolic or hard links before accessing files, allowing an attacker with authorized local access to manipulate the file system paths. By exploiting this flaw, an attacker can trick the application into accessing or modifying files that should be protected, thereby escalating their privileges on the local machine. The vulnerability does not require user interaction and has a low attack complexity, but it does require the attacker to have some level of local privileges (PR:L). The impact is severe, affecting confidentiality, integrity, and availability, as the attacker can gain elevated privileges and potentially take full control of the system. The vulnerability was published on May 13, 2025, with a CVSS v3.1 score of 7.8, indicating a high severity level. No public exploits are known at this time, but the presence of this vulnerability in a widely used Microsoft product makes it a significant concern. The vulnerability is particularly relevant for environments where Microsoft PC Manager is deployed and where local user accounts have limited but exploitable privileges.
Potential Impact
For European organizations, this vulnerability poses a significant risk due to the widespread use of Microsoft products in enterprise and government environments. Successful exploitation could allow attackers to elevate privileges from a limited user account to administrative levels, leading to unauthorized access to sensitive data, disruption of critical services, and potential lateral movement within networks. This can result in data breaches, operational downtime, and compliance violations under regulations such as GDPR. The local nature of the exploit means that insider threats or attackers who have gained initial footholds via other means could leverage this vulnerability to deepen their access. The high impact on confidentiality, integrity, and availability underscores the critical need for timely mitigation. Organizations with remote or hybrid workforces may face increased risk if endpoint devices running Microsoft PC Manager are not adequately secured.
Mitigation Recommendations
1. Apply patches or updates from Microsoft as soon as they become available for PC Manager 1.0.0 to address this vulnerability.
2. Until patches are released, restrict local user permissions to the minimum necessary, preventing users from having write access to directories or files that could be exploited via link following.
3. Implement application whitelisting and endpoint protection solutions to monitor and block suspicious local file system activities, including abnormal link resolutions.
4. Conduct regular audits of local user accounts and privileges to identify and remove unnecessary elevated permissions.
5. Employ robust endpoint detection and response (EDR) tools to detect potential exploitation attempts involving privilege escalation.
6. Educate IT and security teams about the vulnerability specifics to enhance monitoring and incident response readiness.
7. Isolate critical systems where feasible to limit the impact of potential local privilege escalations.
8. Review and harden file system permissions and symbolic link usage policies to reduce attack surface related to link following vulnerabilities.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2025-03-12T17:54:45.710Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0f91484d88663aeb9c4
Added to database: 5/20/2025, 6:59:05 PM
Last enriched: 2/14/2026, 9:43:50 AM
Last updated: 3/24/2026, 4:25:40 PM