CVE-2025-63945 Tencent iOA EoP Key Information CVE ID: CVE-2025-63945 Product: Tencent iOA Version Affected: before 210.9.28693.62001 Vulnerability Summary A vulnerability was discovered in Tencent PC Manager where files and directories under are insecurely handled. An attacker can leverage symbolic link (symlink) attacks to coerce a SYSTEM-privileged process into deleting arbitrary files, resulting in local privilege escalation. Affected Process LegacyKB_ioa_win.exe Vulnerable Behavior Creates a directory under Downloads files and creates subdirectories with a tilde (~) prefix inside Deletes the tilde (~) subdirectory with SYSTEM privileges Exploitation Steps 1. Create folder 2. Set OpLock on folder 3. Legacy_.exe attempts to remove folder with SYSTEM privilege 4. Pause the Legacy_.exe process due to OpLock 5. Move file to another location 6. Create junction to 7. Create symbolic link to target folder/file 8. Release OpLock 9. Delete symbolic link 10. Target file/folder (e.g., ) would be deleted Proof of Concept Video https://drive.google.com/file/d/1RXQgaNBDDepurcP63xmhMXDM7stHaIzO/view?usp=sharing