CVE-2026-25189
published 2026-03-10CVE-2026-25189: Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.8511 | 10.0.17763.8511 |
| microsoft | windows_10_21h2 | < 10.0.19044.7058 | 10.0.19044.7058 |
| microsoft | windows_10_22h2 | < 10.0.19045.7058 | 10.0.19045.7058 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.8511 | 10.0.17763.8511 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.7058 | 10.0.19044.7058 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.7058 | 10.0.19045.7058 |
| microsoft | windows_server_2019 | < 10.0.17763.8511 | 10.0.17763.8511 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.8511 | 10.0.17763.8511 |
| microsoft | windows_server_2022 | < 10.0.20348.4830 | 10.0.20348.4830 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4893 | 10.0.20348.4893 |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_21h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_x64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |