CVE-2025-50165

Опубликовано: 12 авг. 2025

Источник: msrc

CVSS3: 9.8

EPSS Низкий

Описание

Windows Graphics Component Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

FAQ

According to the CVSS metric, attack vector is (AV:N) and user interaction is none (UI:N). What does that mean for this vulnerability?

This can happen without user intervention. An attacker can use an uninitialized function pointer being called when decoding a JPEG image. This can be embedded in Office and 3rd party documents/files

How could an attacker exploit the vulnerability?

An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.

Обновления

Продукт	Статья	Обновление
Windows 11 Version 24H2 for ARM64-based Systems	5063878 5064010	Security Update SecurityHotpatchUpdate
Windows 11 Version 24H2 for x64-based Systems	5063878 5064010	Security Update SecurityHotpatchUpdate
Windows Server 2025	5063878 5064010	Security Update SecurityHotpatchUpdate
Windows Server 2025 (Server Core installation)	5063878 5064010	Security Update SecurityHotpatchUpdate

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 53%

0.00302

Низкий

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2025-50165

CVSS3: 9.8

nvd

3 дня назад

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

GHSA-j5q9-ffgr-33m9

CVSS3: 9.8

github

3 дня назад

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

EPSS

Процентиль: 53%

0.00302

Низкий

9.8 Critical

CVSS3