CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-50165

CVSS 9.8v3.1pub. 2025-08-12upd. 2025-08-14

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

🤖 AI Analysis
How it works

The vulnerability is based on untrusted pointer dereference (CWE-822) combined with the use of uninitialized memory (CWE-908) in Microsoft Graphics Component. An attacker can deliver specially crafted input data over the network, which causes the graphics component to read or execute code from a pointer controlled by the attacker. The lack of authentication requirement and user interaction allows for complete remote exploitation of the vulnerability without any prior access conditions.

Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code remotely in the context of the affected system, which may lead to complete system compromise, violation of data confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the vendor according to the references. Update details are available in the Microsoft Security Response Center at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50165

Who is affected

Microsoft Windows 11 24H2 and Microsoft Windows Server 2025

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Windows 11 24h2

    OS
    Microsoft
    < 10.0.26100.4851
  • Microsoft Windows Server 2025

    OS
    Microsoft
    < 10.0.26100.4851
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-59287CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE w Windows Server Update Service (WSUS) — deserializacja danych

CVE-2026-42904CRITICAL9.6PL ✓ten sam produkt

Heap buffer overflow w Windows TCP/IP umożliwia privilege escalation przez sieć

CVE-2026-45602CRITICAL9.1PL ✓ten sam produkt

Podatność typu tampering w Windows DHCP Server umożliwia nieautoryzowaną modyfikację danych

CVE-2026-44815CRITICAL9.8PL ✓ten sam produkt

Stack-based buffer overflow w Windows DHCP Client — zdalne wykonanie kodu

CVE-2026-45657CRITICAL9.8PL ✓ten sam produkt

Use-after-free w Windows Kernel umożliwiające zdalne wykonanie kodu