CVE-2025-21304
published 2025-01-14CVE-2025-21304: Microsoft DWM Core Library Elevation of Privilege Vulnerability
PriorityP340high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.60%
43.9th percentile
Microsoft DWM Core Library Elevation of Privilege Vulnerability
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1607 | < 10.0.14393.7699 | 10.0.14393.7699 |
| microsoft | windows_10_1809 | < 10.0.17763.6775 | 10.0.17763.6775 |
| microsoft | windows_10_21h2 | < 10.0.19044.5371 | 10.0.19044.5371 |
| microsoft | windows_10_22h2 | < 10.0.19045.5371 | 10.0.19045.5371 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.7699 | 10.0.14393.7699 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6775 | 10.0.17763.6775 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.5371 | 10.0.19044.5371 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5371 | 10.0.19045.5371 |
| microsoft | windows_server_2016 | < 10.0.14393.7699 | 10.0.14393.7699 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7699 | 10.0.14393.7699 |
| microsoft | windows_server_2019 | < 10.0.17763.6775 | 10.0.17763.6775 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.6775 | 10.0.17763.6775 |
| msrc | windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_21h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_x64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Microsoft DWM Core Library Elevation of Privilege Vulnerability
vendor_msrc·2025-01-14·CVSS 7.8
CVE-2025-21304 [HIGH] CWE-416 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Microsoft DWM Core Library Elevation of Privilege Vulnerability
FAQ: What privileges could an attacker gain with successful exploitation?
An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process.
This could lead to further system compromise and unauthorized actions within the network.
Windows DWM Core Library: Windows DWM Core Library
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008
Reference: https://support.microsoft.com/he
GHSA
GHSA-v77c-hvv5-38w8: Microsoft DWM Core Library Elevation of Privilege Vulnerability
ghsa_unreviewed·2025-01-14
CVE-2025-21304 [HIGH] CWE-416 GHSA-v77c-hvv5-38w8: Microsoft DWM Core Library Elevation of Privilege Vulnerability
Microsoft DWM Core Library Elevation of Privilege Vulnerability
No detection rules found.
No public exploits indexed.
2025-01-14
Published