CVE-2025-32714 | THREATINT

Home

Description

Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.

PUBLISHED Reserved 2025-04-09 | Published 2025-06-10 | Updated 2025-07-11 | Assigner microsoft

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-284: Improper Access Control

Product status

10.0.17763.0 (custom) before 10.0.17763.7434

affected

10.0.17763.0 (custom) before 10.0.17763.7434

affected

10.0.17763.0 (custom) before 10.0.17763.7434

affected

10.0.20348.0 (custom) before 10.0.20348.3807

affected

10.0.19044.0 (custom) before 10.0.19044.5965

affected

10.0.22621.0 (custom) before 10.0.22621.5472

affected

10.0.19045.0 (custom) before 10.0.19045.5965

affected

10.0.26100.0 (custom) before 10.0.26100.4349

affected

10.0.22631.0 (custom) before 10.0.22631.5472

affected

10.0.22631.0 (custom) before 10.0.22631.5472

affected

10.0.25398.0 (custom) before 10.0.25398.1665

affected

10.0.26100.0 (custom) before 10.0.26100.4349

affected

10.0.26100.0 (custom) before 10.0.26100.4349

affected

10.0.10240.0 (custom) before 10.0.10240.21034

affected

10.0.14393.0 (custom) before 10.0.14393.8148

affected

10.0.14393.0 (custom) before 10.0.14393.8148

affected

10.0.14393.0 (custom) before 10.0.14393.8148

affected

6.0.6003.0 (custom) before 6.0.6003.23351

affected

6.0.6003.0 (custom) before 6.0.6003.23351

affected

6.0.6003.0 (custom) before 6.0.6003.23351

affected

6.1.7601.0 (custom) before 6.1.7601.27769

affected

6.1.7601.0 (custom) before 6.1.7601.27769

affected

6.2.9200.0 (custom) before 6.2.9200.25522

affected

6.2.9200.0 (custom) before 6.2.9200.25522

affected

6.3.9600.0 (custom) before 6.3.9600.22620

affected

6.3.9600.0 (custom) before 6.3.9600.22620

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32714 (Windows Installer Elevation of Privilege Vulnerability) vendor-advisory

cve.org (CVE-2025-32714)

nvd.nist.gov (CVE-2025-32714)

Download JSON