CVE-2025-21228

CVSS 3.1 Score 6.6 of 10 (medium)

Details

Published Jan 14, 2025
CWE ID 125

Summary

CVE-2025-21228 is an elevation of privilege vulnerability affecting Windows Digital Media. An attacker who successfully exploits this weakness can escalate their user privileges, potentially gaining control over a targeted system. The issue arises due to insufficient input validation in the handling of specially crafted media files, allowing an attacker to execute arbitrary code in the context of a more privileged user. This vulnerability poses a significant risk to organizations and individuals using Windows Digital Media and requires immediate attention and patching to mitigate potential threats.

Affected Products

  • Microsoft Windows Server 2008

Affected Vendors

  • Microsoft