← back
CVE-2025-50165

Windows Graphics Component Remote Code Execution Vulnerability

CVSS 9.8 CRITICALEPSS 3.5%CWE-822CWE-908
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Windows 11 Version 24H2Microsoft · Windows Server 2025Microsoft · Windows Server 2025 (Server Core installation)
public PoCs found2
githubgithub.com/encrypter15/CVE-2025-50165-x64-Exploit7githubgithub.com/FelineKeeper/CVE-2025-50165-Windows-Graphics-Component-RCE0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50165