CVE-2025-26674
Published: 08 April 2025
Summary
CVE-2025-26674 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 23.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2025-26674 is a heap-based buffer overflow vulnerability, tracked under CWE-122, that affects the Windows Media component. It carries a CVSS 3.1 base score of 7.8 and was published on 8 April 2025.
An authorized local attacker with low privileges can exploit the flaw without user interaction to execute arbitrary code on the affected system, resulting in full compromise of confidentiality, integrity, and availability.
The official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26674 addresses mitigation steps and available updates. The associated EPSS score remains low, with a current value of 0.0093 and a peak of 0.0107.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-10206
Vulnerability details
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.