CVE-2025-50165
Published: 12 August 2025
Summary
CVE-2025-50165 is a critical-severity Untrusted Pointer Dereference (CWE-822) vulnerability in Microsoft Windows 11 24H2. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability CVE-2025-50165 is an untrusted pointer dereference weakness, tracked under CWEs 822 and 908, that affects the Microsoft Graphics Component. It carries a CVSS 3.1 base score of 9.8 and was published on 12 August 2025.
An unauthenticated attacker can exploit the flaw over a network with low attack complexity and no user interaction required, resulting in full confidentiality, integrity, and availability impact through arbitrary code execution. The current and peak EPSS scores both stand at 0.2353 with no material rise observed.
Microsoft has published an advisory for the issue at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50165. No information on real-world exploitation or other contextual factors is available in the supplied data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24346
Vulnerability details
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated network RCE in exposed component directly matches initial access via public-facing application exploitation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mandates timely patching and flaw remediation for vulnerabilities like CVE-2025-50165 in the Microsoft Graphics Component.
Provides memory protection mechanisms such as ASLR, DEP, and stack guards to block exploitation of untrusted pointer dereference flaws.
Enforces network boundary protections to restrict unauthorized remote access required to exploit the graphics component vulnerability.