CVE-2025-24058

dwmcore.dll — improper input validation allows elevation of privilege

Summary

Field	Value
Driver	dwmcore.dll (Desktop Window Manager Core Library)
Vulnerability Class	Improper Input Validation
CVSS	7.8
Exploited ITW	No
Patch Date	June 10, 2025

Root Cause

The DWM Core Library skips input validation during composition operations. Malformed input triggers a corruption path in the SYSTEM-context DWM process.

DWM runs as SYSTEM, so code execution in the DWM process context yields full privileges.

Exploitation

The attacker sends crafted composition data to the DWM process. The missing validation causes memory corruption and code execution in the SYSTEM-context DWM process.

Exploitation Primitive

Crafted composition data → improper validation
  → memory corruption → code execution in DWM (SYSTEM)

References

• MSRC Advisory