CVE-2025-68623 · HIGH 8.8 · EPSS p2.8%


Description

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and DLLs to the %TEMP% folder, which is writable by standard users. Subsequently, the installer executes the downloaded executable with HIGH integrity to complete the application installation. However, an attacker can replace the downloaded executable with a malicious, user-controlled executable. When the installer executes this replaced file, it runs the attacker's code with HIGH integrity. Since code running at HIGH integrity can escalate to SYSTEM level by registering and executing a service, this creates a complete privilege escalation chain from standard user to SYSTEM. NOTE: The Supplier disputes this record, stating that they have determined this to be the behavior as designed.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.13% probability of exploitation · percentile 2.8% · 2026-06-19T12:03:05Z
Published: 2026-03-11
Last modified: 2026-03-12

Underlying weaknesses · 1

CWE-284

References

  1. https://talosintelligence.com/vulnerability_reports/TALOS-2025-2293
  2. https://www.microsoft.com/en-us/download/details.aspx?id=35
  3. https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2293

Type | Target | Confidence | Tier
Weakness | Improper Access Control (cwe-284) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-61973
  2. CVE: CVE-2025-20003
  3. CVE: Microsoft Windows Installer Privilege Escalation Vulnerability
  4. CVE: CVE-2025-43715
  5. CVE: Microsoft Windows Installer Improper Privilege Management Vulnerability
  6. Sub-technique: Executable Installer File Permissions Weakness

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.