CVE-2025-30400

Published May 13, 2025

Last updated 3 days ago

Overview

Description: Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Microsoft Windows DWM Core Library Use-After-Free Vulnerability
Exploit added on: May 13, 2025
Exploit action due: Jun 3, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-416

Social media

Hype score: Not currently trending

  1. CVE-2025-30400 is a high-severity use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library, which plays a crucial role in rendering the graphical desktop environment. What does this mean for you? https://t.co/SSVRWs0xJT

    @Al13203

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2025-30400

    @transilienceai

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2025-30400

    @transilienceai

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2025-30400

    @transilienceai

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2025-30400

    @transilienceai

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) https://t.co/Dq8Qb3AqIK https://t.co/vQHwQpv1jS

    @ggrubamn

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Actively exploited CVE : CVE-2025-30400

    @transilienceai

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2025-30400

    @transilienceai

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) https://t.co/2O9bm9ajQf https://t.co/iRfSNnHrjK

    @secured_cyber

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 Microsoft Patch Tuesday: 78 Flaws, 5 Zero-Days Exploited! 🔍 28 RCE, 20 EoP bugs fixed 🔐 SAP NetWeaver critical flaw (CVE-2025-42999) patched Patch NOW: ✅ CVE-2025-30400 (Win DWM Core) ✅ CVE-2025-29813 (Azure, CVSS 10.0) 🛡️ Protect your systems #PatchTuesday #

    @CyberWolfGuard

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) https://t.co/oCqgFJSpID https://t.co/to0H1eqA5i

    @PintoriAlice

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Actively exploited CVE : CVE-2025-30400

    @transilienceai

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. The Windows DWM vulnerability CVE-2025-30400 is being exploited as a zero-day. Fixed in the May monthly update. CVSS score 7.8; a use-after-free that allows local privilege escalation. https://t.co/VGnkTLb3XK

    @__kokumoto

    789 Impressions

    1 Retweet

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  14. Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) https://t.co/fVLEHRDIAv https://t.co/nNKlRk6IFJ

    @Art_Capella

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Five actively exploited zero-day vulnerabilities in Windows have been disclosed 💣 CVE-2025-30397 – remote code execution via the browser (RCE) 💣 CVE-2025-32701 and CVE-2025-32706 – privilege escalation in CLFS 💣 CVE-2025-30400 – privilege escalation in D

    @Sekurak

    4227 Impressions

    6 Retweets

    40 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  16. Actively exploited CVE : CVE-2025-30400

    @transilienceai

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) https://t.co/51odky3E8b https://t.co/xMMH7BdTJT

    @Trej0Jass

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Actively exploited CVE : CVE-2025-30400

    @transilienceai

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. US CISA has added a vulnerability whose exploitation it has confirmed to its #KEV catalog. 🛡️No.1337 CVE-2025-30400 Microsoft Windows DWM Core Library Use-After-Free Vulnerability ============= CVSS score: 7.8 (Base) / Microsoft Corporation CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:

    @piyokango

    3968 Impressions

    3 Retweets

    11 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  20. Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) https://t.co/ymqJiQPblS https://t.co/UWmtTifko4

    @dansantanna

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CVE-2025-30400 Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. https://t.co/1qd8RW11My

    @CVEnew

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.