CVE-2025-26666

Published Apr 8, 2025

Last updated a month ago

CVSS high 7.8
Windows Media

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-26666 is a heap-based buffer overflow vulnerability found in Windows Media. It allows an authorized attacker with local access to execute code on a vulnerable system. The vulnerability stems from a buffer overflow in the heap, which could allow an attacker to overwrite memory and potentially execute arbitrary code with the privileges of the affected application.

Description
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
Source
secure@microsoft.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-122

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

21

References

Sources include official advisories and independent security research.