cbcvebase.
CVE-2025-62458
published 2025-12-09

CVE-2025-62458: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Affected

33 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows_10_1607< 10.0.14393.868810.0.14393.8688
microsoftwindows_10_1809< 10.0.17763.814610.0.17763.8146
microsoftwindows_10_21h2< 10.0.19044.669110.0.19044.6691
microsoftwindows_10_22h2< 10.0.19045.669110.0.19045.6691
microsoftwindows_10_version_1607>= 10.0.14393.0 < 10.0.14393.868810.0.14393.8688
microsoftwindows_10_version_1809>= 10.0.17763.0 < 10.0.17763.814610.0.17763.8146
microsoftwindows_10_version_21h2>= 10.0.19044.0 < 10.0.19044.669110.0.19044.6691
microsoftwindows_10_version_22h2>= 10.0.19045.0 < 10.0.19045.669110.0.19045.6691
microsoftwindows_11_23h2< 10.0.22631.634510.0.22631.6345
microsoftwindows_11_version_22h3>= 10.0.22631.0 < 10.0.22631.634510.0.22631.6345
microsoftwindows_11_version_23h2>= 10.0.22631.0 < 10.0.22631.634510.0.22631.6345
microsoftwindows_server_2008
microsoftwindows_server_2008_r2_service_pack_1>= 6.1.7601.0 < 6.1.7601.280646.1.7601.28064
microsoftwindows_server_2012
microsoftwindows_server_2012>= 6.2.9200.0 < 6.2.9200.258156.2.9200.25815
microsoftwindows_server_2012_r2>= 6.3.9600.0 < 6.3.9600.229206.3.9600.22920
microsoftwindows_server_2016< 10.0.14393.868810.0.14393.8688
microsoftwindows_server_2016>= 10.0.14393.0 < 10.0.14393.868810.0.14393.8688
microsoftwindows_server_2019< 10.0.17763.814610.0.17763.8146
microsoftwindows_server_2019>= 10.0.17763.0 < 10.0.17763.814610.0.17763.8146
microsoftwindows_server_2022< 10.0.20348.446710.0.20348.4467
microsoftwindows_server_2022>= 10.0.20348.0 < 10.0.20348.452910.0.20348.4529
msrcwindows_10_version_1607
msrcwindows_10_version_1809
msrcwindows_10_version_21h2