Elevation of Privilege Vulnerability in Microsoft Windows Installer
CVE-2025-62571

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-62571?

An improper input validation flaw in Microsoft Windows Installer can be exploited by a local authorized attacker to escalate privileges. This vulnerability allows for potential abuse of system-level permissions, enabling unauthorized actions within the operating system. Proper mitigation and security measures are essential to protect against potential exploitation of this weakness.

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8688

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8146

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6691

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Oct 15, 2025

JSON