CVE-2025-64680
dwmcore.dll — heap-based buffer overflow allows elevation of privilege
Summary
| Field | Value |
|---|---|
| Component | dwmcore.dll (Desktop Window Manager Core Library) |
| Vulnerability Class | Buffer Overflow (Heap) |
| CVSS | 7.8 |
| Exploited in the wild | No |
| Patch Date | December 9, 2025 |
Root Cause
The DWM Core Library contains a heap-based buffer overflow in its composition surface processing. Because a size is not validated, a write can run past the end of a heap buffer. DWM runs as SYSTEM, so corruption in that process yields full privileges.
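The class of defect described above, shown from the fix side as an added example (not code from dwmcore.dll or from the advisory): a generic pixel-copy routine that performs the size validation whose absence produces this kind of heap overflow. The `surface_t` type, the function names and the 32-bit pixel format are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BPP 4u  /* bytes per pixel; 32-bit pixels are an assumption */

/* Hypothetical surface type for illustration; not a dwmcore.dll structure. */
typedef struct {
    uint32_t width, height;  /* pixels */
    uint8_t *pixels;         /* heap buffer of width * height * BPP bytes */
} surface_t;

/* Allocate a surface, rejecting dimensions whose byte size overflows size_t. */
int surface_init(surface_t *s, uint32_t w, uint32_t h) {
    if (w == 0 || h == 0 || w > SIZE_MAX / BPP / h) return -1;
    s->pixels = calloc((size_t)w * h, BPP);
    if (!s->pixels) return -1;
    s->width = w;
    s->height = h;
    return 0;
}

/* Copy a w x h block of caller-supplied pixels to position (x, y).
 * Every caller-controlled value is checked against the allocation first;
 * without these checks the memcpy below writes past the heap buffer. */
int surface_blit(surface_t *s, uint32_t x, uint32_t y, uint32_t w, uint32_t h,
                 const uint8_t *src, size_t src_len) {
    if (!s || !s->pixels || !src || w == 0 || h == 0) return -1;
    /* Subtraction form avoids wraparound in x + w and y + h. */
    if (x > s->width || w > s->width - x) return -1;
    if (y > s->height || h > s->height - y) return -1;
    /* The source must hold the whole block. The product cannot overflow
     * because w and h are already bounded by the allocated surface. */
    if (src_len < (size_t)w * h * BPP) return -1;
    for (uint32_t row = 0; row < h; row++) {
        size_t dst_off = ((size_t)(y + row) * s->width + x) * BPP;
        memcpy(s->pixels + dst_off, src + (size_t)row * w * BPP, (size_t)w * BPP);
    }
    return 0;
}

void surface_free(surface_t *s) { free(s->pixels); s->pixels = NULL; }
```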
Exploitation
The attacker triggers the heap overflow through crafted composition surface operations. The overflow corrupts adjacent heap objects, leading to code execution in the DWM process, which runs in the SYSTEM context.
Exploitation Primitive
Crafted composition surface → heap buffer overflow
→ adjacent object corruption → code execution in DWM (SYSTEM)