Microsoft has addressed a zero-day vulnerability in the Windows Desktop Window Manager (DWM) Core Library, identified as CVE-2025-30400, which allows attackers to gain SYSTEM-level privileges on affected systems. This "Elevation of Privilege" vulnerability, arising from a "use-after-free" memory corruption issue, was actively exploited prior to the release of a patch on May 13, 2025. The vulnerability permits an authorized attacker to execute code with SYSTEM privileges by exploiting improper memory management within the DWM process. Microsoft classified the severity of this vulnerability as "Important" and assigned it a CVSS score of 7.8. Users and administrators are strongly advised to apply the latest updates to mitigate the risk of exploitation.