CVE-2025-64679

🔴 HIGH

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Published

Dec 09, 2025

Last Modified

Dec 12, 2025

Views

Bookmarks

Description

Request Expert Review

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Affected Products (17)

microsoft - windows_10_1507

Version: *

microsoft - windows_10_1507

Version: *

microsoft - windows_10_1607

Version: *

microsoft - windows_10_1607

Version: *

microsoft - windows_10_1809

Version: *

microsoft - windows_10_1809

Version: *

microsoft - windows_10_21h2

Version: *

microsoft - windows_10_22h2

Version: *

microsoft - windows_11_22h2

Version: *

microsoft - windows_11_23h2

Version: *

microsoft - windows_11_24h2

Version: *

microsoft - windows_11_25h2

Version: *

microsoft - windows_server_2016

Version: *

microsoft - windows_server_2019

Version: *

microsoft - windows_server_2022

Version: *

microsoft - windows_server_2022_23h2

Version: *

microsoft - windows_server_2025

Version: *

CVSS Scores

CVSS 3.1 7.8

7.8

HIGH

CVSS 2.0 7.8

References

msrc.microsoft.com

Additional Information

Source: secure@microsoft.com
State: Analyzed

Related CVEs

CVE-2025-67847

HIGH

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to ins...

Score: 8.8

CVE-2025-3839

HIGH

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be...

Score: 8.0

CVE-2025-15522

MEDIUM

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scrip...

Score: 6.4

CVE-2026-0796

HIGH

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitra...

Score: 7.2

CVE-2026-0795

HIGH

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitra...

Score: 7.2

CVE-2026-0794

HIGH

ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary cod...

Score: 8.1

Share CVE-2025-64679

Share on Social Media

Copy Link

Embed Code

HTML Embed (for websites/blogs)

Markdown (for GitHub/Discord)

Request Expert Analysis

Request a professional security analysis for CVE-2025-64679 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Priority Level

SLA Acceleration (50% faster delivery)

Add 3 credits for accelerated delivery

Additional Context (Optional)

Base Cost: 8 credits

Priority Upgrade: + credits

SLA Acceleration: +3 credits

Total Cost:

Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

CVE-2025-64679

Description

Affected Products (17)

microsoft - windows_10_1507

microsoft - windows_10_1507

microsoft - windows_10_1607

microsoft - windows_10_1607

microsoft - windows_10_1809

microsoft - windows_10_1809

microsoft - windows_10_21h2

microsoft - windows_10_22h2

microsoft - windows_11_22h2

microsoft - windows_11_23h2

microsoft - windows_11_24h2

microsoft - windows_11_25h2

microsoft - windows_server_2016

microsoft - windows_server_2019

microsoft - windows_server_2022

microsoft - windows_server_2022_23h2

microsoft - windows_server_2025

CVSS Scores

References

Additional Information

Related CVEs

CVE-2025-67847

CVE-2025-3839

CVE-2025-15522

CVE-2026-0796

CVE-2026-0795

CVE-2026-0794

Share CVE-2025-64679

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Credits System

Insufficient Credits

Report Analysis