Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
References
| Link | Resource |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25189 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Mar 2026, 17:00
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* |
|
| First Time |
Microsoft windows 10 1809
Microsoft windows Server 2022 Microsoft windows 10 21h2 Microsoft Microsoft windows 10 22h2 Microsoft windows Server 2019 |
|
| References | () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25189 - Vendor Advisory | |
| Summary |
|
10 Mar 2026, 18:18
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-03-10 18:18
Updated : 2026-03-13 17:00
NVD link : CVE-2026-25189
Mitre link : CVE-2026-25189
CVE.ORG link : CVE-2026-25189
JSON object : View
Products Affected
microsoft
- windows_10_1809
- windows_10_22h2
- windows_10_21h2
- windows_server_2022
- windows_server_2019
CWE
CWE-416
Use After Free