PT-2026-24724 · Undefined · Undefined

Published: 2026-03-11 · Updated: 2026-03-15 · CVE-2025-68623

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft DirectX End-User Runtime Web Installer version 9.29.1974.0

Description

A low-privilege user can replace an executable file during the installation process, potentially leading to unintended elevation of privileges. The installer operates with HIGH integrity and downloads executables and DLLs to the %TEMP% folder, which is writable by standard users. The installer then executes the downloaded executable with HIGH integrity to complete the installation. An attacker can substitute the downloaded executable with a malicious, user-controlled executable. When the installer executes this replaced file, the attacker's code runs with HIGH integrity. Because code running with HIGH integrity can escalate to SYSTEM level by registering and executing a service, this creates a complete privilege escalation path from standard user to SYSTEM. The supplier disputes this issue, stating that this behavior is by design.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
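
Detection logic for the pattern described above, added here as an example and not part of the original advisory: it flags process-creation events in which a High or System integrity image runs from the per-user %TEMP% tree. The field names follow Sysmon Event ID 1 (Image, ParentImage, IntegrityLevel); the events, user name, paths and file names are constructed.

```python
import ntpath
import re

# Expanded %TEMP% of a standard user; [^\\]+ also covers 8.3 names such as ALICE~1.
USER_TEMP = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)
ELEVATED = {"high", "system"}

def in_user_temp(path):
    """True if path, after collapsing '..' segments, lies under a user's Temp folder."""
    return bool(USER_TEMP.match(ntpath.normpath(path or "")))

def flag_elevated_temp_exec(events):
    """Return (Image, ParentImage) for elevated processes started from user Temp."""
    hits = []
    for ev in events:
        level = ev.get("IntegrityLevel", "").lower()
        if level in ELEVATED and in_user_temp(ev.get("Image")):
            hits.append((ev["Image"], ev.get("ParentImage", "")))
    return hits

# Constructed sample events (hypothetical user, paths and file names).
SAMPLE_EVENTS = [
    # Elevated installer started from Downloads: not under Temp, not flagged.
    {"Image": r"C:\Users\alice\Downloads\installer.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "IntegrityLevel": "High"},
    # Elevated child launched from the user-writable Temp folder: flagged.
    {"Image": r"C:\Users\alice\AppData\Local\Temp\pkg\setup.exe",
     "ParentImage": r"C:\Users\alice\Downloads\installer.exe", "IntegrityLevel": "High"},
    # Same location at Medium integrity: no elevation involved, not flagged.
    {"Image": r"C:\Users\alice\AppData\Local\Temp\pkg\viewer.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "IntegrityLevel": "Medium"},
    # 8.3 short user name with a '..' segment that still resolves into Temp: flagged.
    {"Image": r"C:\Users\ALICE~1\AppData\Local\Temp\..\Temp\stage\helper.exe",
     "ParentImage": r"C:\Users\alice\Downloads\installer.exe", "IntegrityLevel": "System"},
    # '..' segments that resolve outside Temp: not flagged.
    {"Image": r"C:\Users\alice\AppData\Local\Temp\..\..\Roaming\tool.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "IntegrityLevel": "High"},
]

if __name__ == "__main__":
    for image, parent in flag_elevated_temp_exec(SAMPLE_EVENTS):
        print(f"ALERT elevated exec from user temp: {image} (parent: {parent})")
```
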

Improper Access Control

Weakness Enumeration

Related identifiers

CVE-2025-68623

Affected products

Undefined