CVE-2025-68623

EPSS 0.01%
Veröffentlicht 11.03.2026 00:00:00
Zuletzt bearbeitet 12.03.2026 21:08:22
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and DLLs to the %TEMP% folder - writable by standard users. Subsequently, the installer executes the downloaded executable with HIGH integrity to complete the application installation. However, an attacker can replace the downloaded executable with a malicious, user-controlled executable. When the installer executes this replaced file, it runs the attacker's code with HIGH integrity. Since code running at HIGH integrity can escalate to SYSTEM level by registering and executing a service, this creates a complete privilege escalation chain from standard user to SYSTEM. NOTE: The Supplier disputes this record stating that they have determined this to be the behavior as designed.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

CNA 0 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.025

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://www.microsoft.com/en-us/download/details.aspx?id=35

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2293

https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2293

https://nvd.nist.gov/vuln/detail/CVE-2025-68623

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68623

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68623

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-68623