CVE-2025-50175
published 2025-10-14CVE-2025-50175: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_10_21h2 | < 10.0.19044.6456 | 10.0.19044.6456 |
| microsoft | windows_10_22h2 | < 10.0.19045.6456 | 10.0.19045.6456 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.6456 | 10.0.19044.6456 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.6456 | 10.0.19045.6456 |
| microsoft | windows_11_22h2 | < 10.0.22621.6060 | 10.0.22621.6060 |
| microsoft | windows_11_23h2 | <= 10.0.22631.6060 | — |
| microsoft | windows_11_24h2 | < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_11_25h2 | < 10.0.26200.6899 | 10.0.26200.6899 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.6060 | 10.0.22621.6060 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.6060 | 10.0.22631.6060 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.6060 | 10.0.22631.6060 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.6899 | 10.0.26200.6899 |
| microsoft | windows_server_2019 | < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_server_2022 | < 10.0.20348.4294 | 10.0.20348.4294 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4294 | 10.0.20348.4294 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1913 | 10.0.25398.1913 |
| microsoft | windows_server_2025 | <= 10.0.26100.6899 | — |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.6899 | 10.0.26100.6899 |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
Microsoft
Windows Digital Media Elevation of Privilege Vulnerability
vendor_msrc·2025-10-14·CVSS 7.8
CVE-2025-50175 [HIGH] CWE-416 Windows Digital Media Elevation of Privilege Vulnerability
Windows Digital Media Elevation of Privilege Vulnerability
Description: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.
Windows Digital Media: Windows Digital Media
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586
Reference: https://support.microsoft.com/help/5066586
Reference: https://catalog.up
GHSA
GHSA-73r4-hwf4-p5qm: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally
ghsa_unreviewed·2025-10-14
CVE-2025-50175 [HIGH] CWE-416 GHSA-73r4-hwf4-p5qm: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
No detection rules found.
No public exploits indexed.
2025-10-14
Published