DLL Hijacking Vulnerability in Windows 11 for ARM64 by Microsoft
CVE-2025-7676

5.4 MEDIUM

Key Information:

Vendor
CVE Published: 28 July 2025

What is CVE-2025-7676?

This vulnerability allows attackers to exploit DLL hijacking in all PE32 executables running on the Windows 11 ARM64 architecture. By placing a malicious DLL in the same directory as the vulnerable executable, an attacker can execute arbitrary code when the executable is launched. This issue arises because vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would not typically be sourced from the application directory, presenting an opportunity for exploitation. Users are advised to upgrade to release 24H2, which addresses this security concern.
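A defender can audit for the condition described above by listing DLLs that sit next to a PE32 executable and carry the name of a system DLL. The following is an added example, not code from Microsoft or from this advisory; the function names are hypothetical, and because the advisory does not list the affected Base DLLs, it assumes that every DLL name found in `System32` is worth flagging.

```python
import os
import struct
import sys
from pathlib import Path

PE32_MAGIC = 0x10B  # optional-header magic for PE32 (PE32+ uses 0x20B)

def is_pe32(path):
    """True if the file is a PE image whose optional header is PE32."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        (pe_off,) = struct.unpack_from("<I", head, 0x3C)  # e_lfanew
        f.seek(pe_off)
        hdr = f.read(26)  # "PE\0\0" + 20-byte COFF header + 2-byte magic
    if len(hdr) < 26 or hdr[:4] != b"PE\0\0":
        return False
    return struct.unpack_from("<H", hdr, 24)[0] == PE32_MAGIC

def find_shadowing_dlls(app_root, system_dll_names):
    """Sorted (directory, dll) pairs: DLLs named like a system DLL
    that sit in the same directory as at least one PE32 .exe."""
    system = {n.lower() for n in system_dll_names}
    root = Path(app_root)
    findings = []
    for d in [root, *(p for p in root.rglob("*") if p.is_dir())]:
        files = [p for p in d.iterdir() if p.is_file()]
        if not any(p.suffix.lower() == ".exe" and is_pe32(p) for p in files):
            continue  # no PE32 executable here, so not the case in the advisory
        for p in files:
            if p.suffix.lower() == ".dll" and p.name.lower() in system:
                findings.append((str(d), p.name))
    return sorted(findings)

if __name__ == "__main__":
    # Assumption: System32 DLL names stand in for the unlisted "Base DLLs".
    sysdir = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    names = []
    if sysdir.is_dir():
        names = [p.name for p in sysdir.iterdir() if p.suffix.lower() == ".dll"]
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for directory, dll in find_shadowing_dlls(target, names):
        print(f"review: {dll} in {directory}")
```

Applications that legitimately ship their own copy of a runtime DLL will also appear, so each hit needs a check of the file's signature and origin.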

Affected Version(s)

Windows 11 ARM 0 < 24H2

CVSS V4

Score: 5.4
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
