Local Privilege Escalation Vulnerability in Microsoft Windows DWM
CVE-2025-30400
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 13 May 2025
Badges
What is CVE-2025-30400?
A use after free vulnerability in the Microsoft Windows Desktop Window Manager (DWM) could allow an authorized attacker to elevate privileges locally. By exploiting this flaw, attackers might execute arbitrary commands with elevated privileges, potentially compromising system integrity and confidentiality. It is crucial for users and administrators to apply necessary patches and updates to mitigate risks associated with this vulnerability.
CISA has reported CVE-2025-30400
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-30400 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7314
Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.5854
Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.5854