CVE-2025-50165

Critical

Published: 12 August 2025

Published

12 August 2025

Modified

14 August 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0621 90.9th percentile

Risk Priority 23 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-50165 is a critical-severity Untrusted Pointer Dereference (CWE-822) vulnerability in Microsoft Windows 11 24H2. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 9.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mandates timely patching and flaw remediation for vulnerabilities like CVE-2025-50165 in the Microsoft Graphics Component.

SI-16 Memory Protection good match

prevent

Provides memory protection mechanisms such as ASLR, DEP, and stack guards to block exploitation of untrusted pointer dereference flaws.

SC-7 Boundary Protection partial match

prevent

Enforces network boundary protections to restrict unauthorized remote access required to exploit the graphics component vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Remote unauthenticated network RCE in exposed component directly matches initial access via public-facing application exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

Deeper analysisAI

CVE-2025-50165, published on 2025-08-12, is an untrusted pointer dereference vulnerability (CWE-822, CWE-908) in the Microsoft Graphics Component. This flaw allows an unauthorized attacker to execute code over a network and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for remote exploitation with high impact on confidentiality, integrity, and availability.

The vulnerability can be exploited by any unauthorized attacker with network access, requiring no privileges, low attack complexity, and no user interaction. Successful exploitation enables arbitrary code execution on the targeted system, potentially leading to full compromise.

For details on patches and mitigation, refer to the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50165.

Details

CWE(s): CWE-822 CWE-908

Affected Products

microsoft

windows 11 24h2

≤ 10.0.26100.4851

microsoft

windows server 2025

≤ 10.0.26100.4851

CVEs Like This One

CVE-2025-21182Same product: Microsoft Windows 11 24H2

CVE-2025-21183Same product: Microsoft Windows 11 24H2

CVE-2025-21379Same product: Microsoft Windows 11 24H2

CVE-2025-62549Same product: Microsoft Windows 11 24H2

CVE-2025-21220Same product: Microsoft Windows 11 24H2

CVE-2026-32222Same product: Microsoft Windows 11 24H2

CVE-2026-21250Same product: Microsoft Windows 11 24H2

CVE-2025-60710Same product: Microsoft Windows 11 24H2

CVE-2026-20941Same product: Microsoft Windows 11 24H2

CVE-2025-21372Same product: Microsoft Windows 11 24H2

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50165
Vendor Advisory · secure@microsoft.com