PT-2025-21002 · Microsoft · Windows Dwm

Published: 2025-05-13 · Updated: 2025-11-15 · CVE-2025-30400

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Windows DWM Core Library (affected versions not specified)

Description

The issue is a use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library. It allows an authorized attacker to elevate privileges locally. Exploitation in real-world attacks has been confirmed. The estimated number of potentially affected devices worldwide is not specified.

Recommendations

To resolve the issue, apply the patch with KB5036893/94 for Windows 10, 11, and Server 2025. As a temporary workaround, consider restricting access to the vulnerable DWM Core Library until a patch is available. Avoid using the vulnerable library in sensitive operations until the issue is resolved. At the moment, there is no additional information about other affected versions or specific mitigation measures for them.

Fix

LPE

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-05427
CVE-2025-30400

Affected Products

Windows
Windows Dwm