CVE-2025-21195

Improper link resolution before file access (link following) in Service Fabric allows an authorized attacker to elevate privileges locally.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name	Vendor	Start Version	End Version
Azure_service_fabric	Microsoft	*	10.1 (excluding)
Azure_service_fabric	Microsoft	10.1 (including)	10.1 (including)
Azure_service_fabric	Microsoft	10.1-cumulative_update_2 (including)	10.1-cumulative_update_2 (including)
Azure_service_fabric	Microsoft	10.1-cumulative_update_3 (including)	10.1-cumulative_update_3 (including)
Azure_service_fabric	Microsoft	10.1-cumulative_update_4 (including)	10.1-cumulative_update_4 (including)
Azure_service_fabric	Microsoft	10.1-cumulative_update_5 (including)	10.1-cumulative_update_5 (including)
Azure_service_fabric	Microsoft	10.1-cumulative_update_6 (including)	10.1-cumulative_update_6 (including)

Potential Mitigations

Follow the principle of least privilege when assigning access rights to entities in a software system.
Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21195

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-21195
CWE	https://cwe.mitre.org/data/definitions/59.html

Improper Link Resolution Before File Access ('Link Following')

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References