CVE-2025-59254

HIGH

Windows 10/11, Server 2016 - Privilege Escalation via Heap Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-59254. PoCs published by nu11secur1ty.

AI-analyzed exploit summary This is a technical writeup describing a heap-based buffer overflow in the Desktop Window Manager Core Library (DWM) that could lead to local privilege escalation. The author intentionally omits exploit code but provides details on the vulnerability's root cause and impact.

Description

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Exploits (1)

exploitdb WRITEUP

by nu11secur1ty · textlocalwindows

https://www.exploit-db.com/exploits/52493

View Code ZIP pw:eip

This is a technical writeup describing a heap-based buffer overflow in the Desktop Window Manager Core Library (DWM) that could lead to local privilege escalation. The author intentionally omits exploit code but provides details on the vulnerability's root cause and impact.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Complex

Reliability

Theoretical

Target: Windows Desktop Window Manager (DWM) Core Library 10.0.10240.0

No auth needed

Prerequisites: Local access to the target system · Ability to trigger the vulnerable code path in DWM

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed May 07, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59254

Scores

CVSS v3 7.8

EPSS 0.0103

EPSS Percentile 59.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-122

Status published

Products (14)

microsoft/windows_10_1507 < 10.0.10240.21161 (2 CPE variants)

microsoft/windows_10_1607 < 10.0.14393.8519 (2 CPE variants)

microsoft/windows_10_1809 < 10.0.17763.7919 (2 CPE variants)

microsoft/windows_10_21h2 < 10.0.19044.6456

microsoft/windows_10_22h2 < 10.0.19045.6456

microsoft/windows_11_22h2 < 10.0.22621.6060

microsoft/windows_11_23h2 < 10.0.22631.6060

microsoft/windows_11_24h2 < 10.0.26100.6899

microsoft/windows_11_25h2 < 10.0.26200.6899

microsoft/windows_server_2016 < 10.0.14393.8519

... and 4 more

Published Oct 14, 2025

Tracked Since Feb 18, 2026