CVE-2025-30388

Опубликовано: 14 мая 2025

Источник: msrc

CVSS3: 7.8

EPSS Низкий

Описание

Windows Graphics Component Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

FAQ

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?

Yes. As of May 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	5058449 5058429	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	5058449 5058429	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	5058449 5058429	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5058430 5058454	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5058430 5058454	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	5058449 5058429	Monthly Rollup Security Only
Windows Server 2012	5058451	Monthly Rollup
Windows Server 2012 (Server Core installation)	5058451	Monthly Rollup
Windows Server 2012 R2	5058403	Monthly Rollup
Windows Server 2012 R2 (Server Core installation)	5058403	Monthly Rollup

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation More Likely

DOS

N/A

EPSS

Процентиль: 22%

0.00068

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2025-30388

CVSS3: 7.8

nvd

около 1 месяца назад

Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

GHSA-9j2q-rv22-36xm

CVSS3: 7.8

github

около 1 месяца назад

Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

BDU:2025-05595

CVSS3: 7.8

fstec

около 1 месяца назад

Уязвимость компонента Graphics операционных систем Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 22%

0.00068

Низкий

7.8 High

CVSS3