Rapid7’s 2026 Global Cybersecurity Summit is now available on-demand.Watch sessions.
Rapid7

vulnerability

Microsoft Windows: CVE-2025-33075: Windows Installer Elevation of Privilege Vulnerability

Try Surface Command
Back to search
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Jun 10, 2025
Added
Jun 10, 2025
Modified
May 8, 2026

Description

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.

Solutions

microsoft-windows-windows_10-1507-kb5060998microsoft-windows-windows_10-1607-kb5061010microsoft-windows-windows_10-1809-kb5060531microsoft-windows-windows_10-21h2-kb5060533microsoft-windows-windows_10-22h2-kb5060533microsoft-windows-windows_11-22h2-kb5060999microsoft-windows-windows_11-23h2-kb5060999microsoft-windows-windows_11-24h2-kb5060842microsoft-windows-windows_server_2012-kb5061059microsoft-windows-windows_server_2012_r2-kb5061018microsoft-windows-windows_server_2016-1607-kb5061010microsoft-windows-windows_server_2019-1809-kb5060531microsoft-windows-windows_server_2022-21h2-kb5060526microsoft-windows-windows_server_2022-22h2-kb5060526microsoft-windows-windows_server_2022-23h2-kb5060118microsoft-windows-windows_server_2025-24h2-kb5060842

References

    Title
    Rapid7 Labs

    2026 Global Threat Landscape Report

    The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

    Get report