Privilege Escalation Vulnerability in Microsoft DirectX End-User Runtime Web Installer
CVE-2025-68623

8.8 HIGH

Key Information:

Vendor:
Microsoft
CVE Published:
11 March 2026

What is CVE-2025-68623?

In the Microsoft DirectX End-User Runtime Web Installer, a low-privilege user can exploit a flaw during installation to replace an executable file. The installer runs at high integrity and downloads executables and DLLs to a temporary folder that standard users can access. An attacker can therefore substitute a malicious version for the original executable. When the installer then executes that file with high-integrity privileges, the malicious code runs elevated, giving a complete escalation from standard user to SYSTEM privileges. The vulnerability is a significant concern because of its potential impact on system integrity and control.
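
The condition described above, a privileged installer staging executables in a folder that standard users can write to, can be checked with an ACL audit. The PowerShell function below is an added example, not Microsoft's code and not part of the original advisory; the function name, the list of SIDs and the path in the usage comment are assumptions.

```powershell
# Added example: list ACEs that let standard users create, replace or delete
# files in a directory where a privileged installer stages executables.
function Get-LowPrivWriteAce {
    param(
        [Parameter(Mandatory)][string]$Path,  # staging directory to audit
        [switch]$Recurse                      # also inspect files already staged
    )

    # Well-known SIDs of broad, non-administrative principals (assumed list).
    $lowPrivSids = @(
        'S-1-1-0',      # Everyone
        'S-1-5-11',     # Authenticated Users
        'S-1-5-4',      # INTERACTIVE
        'S-1-5-32-545'  # BUILTIN\Users
    )

    # Raw access-mask bits. Integers are used because Get-Acl can return
    # generic rights that the FileSystemRights enum does not name.
    $writeBits = @(
        0x2,         # WriteData / CreateFiles
        0x4,         # AppendData / CreateDirectories
        0x40,        # DeleteSubdirectoriesAndFiles
        0x10000,     # Delete
        0x40000,     # ChangePermissions
        0x80000,     # TakeOwnership
        0x10000000,  # GENERIC_ALL
        0x40000000   # GENERIC_WRITE
    )
    $writeMask = 0
    foreach ($bit in $writeBits) { $writeMask = $writeMask -bor $bit }

    $items = @(Get-Item -LiteralPath $Path -Force)
    if ($Recurse) { $items += @(Get-ChildItem -LiteralPath $Path -Recurse -Force) }

    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($lowPrivSids -notcontains $ace.IdentityReference.Value) { continue }
            $granted = [int]$ace.FileSystemRights -band $writeMask
            if ($granted -eq 0) { continue }
            [pscustomobject]@{
                Path        = $item.FullName
                Sid         = $ace.IdentityReference.Value
                WriteBits   = '0x{0:X8}' -f $granted
                IsInherited = $ace.IsInherited
                Inheritance = $ace.InheritanceFlags
            }
        }
    }
}
# Usage (hypothetical path): Get-LowPrivWriteAce -Path 'C:\ExampleStaging' -Recurse
```

Any row returned means a standard user can plant or swap a file in that location before a privileged process runs it. ACEs granted to an individual user account, as on a per-user temp folder, are not in the SID list and need to be added for that case.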


CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
