CVE-2025-68623

HIGH EPSS 2.9%

Published Mar 11, 20263mo ago · Modified Mar 12, 20263mo ago

8.8 CVSS 3.1

High

Published Mar 11, 2026 3mo ago

Last Modified Mar 12, 2026 3mo ago

Description

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and DLLs to the %TEMP% folder - writable by standard users. Subsequently, the installer executes the downloaded executable with HIGH integrity to complete the application installation. However, an attacker can replace the downloaded executable with a malicious, user-controlled executable. When the installer executes this replaced file, it runs the attacker's code with HIGH integrity. Since code running at HIGH integrity can escalate to SYSTEM level by registering and executing a service, this creates a complete privilege escalation chain from standard user to SYSTEM. NOTE: The Supplier disputes this record stating that they have determined this to be the behavior as designed.

CVSS Details

Base Score

8.8

Exploitability

2.0

Impact

6.0

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Changed

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

2.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-284

References 3

talosintelligence.com https://talosintelligence.com/vulnerability_reports/TALOS-2025-2293
microsoft.com https://www.microsoft.com/en-us/download/details.aspx?id=35
talosintelligence.com https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2293

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.