CVE-2025-50165Untrusted Pointer Dereference in Microsoft Windows 11 Version 24h2

CWE-822Untrusted Pointer DereferenceCWE-908Use of Uninitialized Resource17 documents11 sources
Severity
9.8CRITICALNVD
EPSS
3.7%
top 12.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Windows 11 Version 24h2Microsoft Windows Server 2025Microsoft Windows 11 24h2
Timeline
PublishedAug 12
Latest updateDec 22

Description

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDmicrosoft/windows< 10.0.26100.4851
NVDmicrosoft/windows_11_24h2< 10.0.26100.4851
CVEListV5microsoft/windows_server_202510.0.26100.010.0.26100.4946
CVEListV5microsoft/windows_11_version_24h210.0.26100.010.0.26100.4946

🔴Vulnerability Details

2
CVEList
Windows Graphics Component Remote Code Execution Vulnerability2025-08-12
GHSA
GHSA-j5q9-ffgr-33m9: Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network2025-08-12

📋Vendor Advisories

1
Microsoft
Windows Graphics Component Remote Code Execution Vulnerability2025-08-12

🕵️Threat Intelligence

13
Eset
Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component2025-12-22
Zscaler
Rethinking Cybersecurity in Education: A Vision for Secure Learning with Zero Trust | Zscaler2025-12-16
Zscaler
CVE-2025-50165: Windows Graphics Component Flaw | ThreatLabz2025-11-20
Krebs
Microsoft Patch Tuesday, August 2025 Edition2025-08-12
Bleepingcomputer
Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws2025-08-12
CVE-2025-50165 — Untrusted Pointer Dereference | cvebase