Intrusion PreventionMS.DWM.CVE-2025-30400.Privilege.Elevation
Description
This indicates an attack attempt to exploit a Privilege Elevation Vulnerability in Microsoft Desktop Windows Manager.
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted file. Successful exploitation could result in the elevation of privilege within the context of the vulnerable system.
Affected Products
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows Server 2025 (Server Core installation)
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows Server 2025
Impact
Privilege Escalation: Remote attackers can leverage their privileges on vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30400
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| ID | 57995 |
| Created | May 13, 2025 |
| Updated | May 20, 2025 |
| CVE ID | |
| Risk |
|
| Known Exploited | Yes |
| Exploit Prediction Score | 0.75% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |
| Profile Type | Resource Management Errors |