### [CVE-2025-24074](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24074)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202025%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202025&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=10.0.17763.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.19044.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.19045.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.20348.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.22621.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.22631.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.25398.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.26100.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brightgreen)

### Description

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds