Elevation of Privilege Vulnerability in Microsoft Windows DWM Core Library
CVE-2025-24062

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows Server 2022
Windows 10 Version 21h2
Windows 11 Version 22h2
Windows 10 Version 22h2
Vendor
CVE Published:
8 April 2025

Summary

A vulnerability exists in the Windows DWM Core Library where improper input validation can allow an authorized attacker to elevate their privileges locally. This flaw exposes systems to potential misuse, enabling the exploitation of critical security features and the ability to execute actions with enhanced permissions.

Affected Version(s)

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.5737

Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.5737

Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.5189

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-24062 : Elevation of Privilege Vulnerability in Microsoft Windows DWM Core Library | SecurityVulnerability.io