Windows Installer Elevation of Privilege Vulnerability in Microsoft Products
CVE-2025-27727
7.8HIGH
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 8 April 2025
What is CVE-2025-27727?
A vulnerability exists in Windows Installer that allows attackers to improperly resolve links prior to file access. This flaw can be exploited by authenticated users to elevate their privileges locally, potentially leading to unauthorized access to system resources and sensitive data. Organizations utilizing affected versions of Windows should implement mitigations and prioritize updates to safeguard against potential exploitation.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20978
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7969
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7136