CVE-2025-50165

Published Aug 12, 2025

Last updated 4 months ago

CVSS critical 9.8
Microsoft Graphics Component

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-50165 is a vulnerability in the Microsoft Graphics Component. It involves an untrusted pointer dereference, which could allow an attacker to execute code over a network without authorization. This vulnerability can be triggered when decoding JPEG images embedded in Office documents or third-party files. An attacker could exploit an uninitialized function pointer during the decoding process.

Description
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_11_24h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

secure@microsoft.com
CWE-822

Social media

Hype score
Not currently trending
  1. Actively exploited CVE : CVE-2025-50165

    @transilienceai

    29 Nov 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. #exploit 1⃣. CVE-2025-50165: Critical Flaw (RCE) in Windows Graphics Component - https://t.co/p3KATYNDYX // Windows 11 24H2 x64/ARM64, Windows Server 2025 2⃣. CVE-2025-9491: Windows UI misrepresentation vulnerability - https://t.co/9qKIOSQ7Fd // PoC tool for demonstrating t

    @ksg93rd

    26 Nov 2025

    439 Impressions

    2 Retweets

    2 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  3. Warning: Critical vulnerability in #Windows CVE-2025-50165 CVSS: 9.8. Viewing a malicious JPEG, even inside a document or as preview can lead to exploitation. This flaw in the rendering library can lead to remote code execution #RCE #Patch #Patch #Patch

    @CCBalert

    26 Nov 2025

    238 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

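  4. An explanation of CVE-2025-50165, the Critical vulnerability in Windows JPEG processing that was disclosed in August. Votiro article. Remote code execution is achieved by getting a crafted JPEG rendered. https://t.co/mamWt53URh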

    @__kokumoto

    26 Nov 2025

    1023 Impressions

    3 Retweets

    8 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-50165 (About to Become Attackers' Favorite) The attack chain begins with a maliciously crafted JPEG image designed to exploit the vulnerability. This malicious image, when rendered via the windowscodecs.dll, will trigger the vulnerability. Control Flow Guard (CFG) is

    @blackorbird

    24 Nov 2025

    1627 Impressions

    3 Retweets

    11 Likes

    12 Bookmarks

    0 Replies

    0 Quotes

  6. Critical JPEG Vulnerability in Windows 11 24H2 and Windows Server 2025: New Details About CVE-2025-50165 https://t.co/Gim79kHSqm https://t.co/fHj6hiwgf5

    @cozumpark

    23 Nov 2025

    255 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. https://t.co/T6ndaXwP7e — CVE-2025-50165: Critical Flaw in Windows Graphics Component

    @mikeal41839494

    23 Nov 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. https://t.co/lqcKr9c4Zs — CVE-2025-50165: Critical Flaw in Windows Graphics Component

    @DCWebGuy

    22 Nov 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. ThreatLabz | CVE-2025-50165: Windows Graphics Component Flaw https://t.co/Vg0GvfkxuQ

    @StopMalvertisin

    22 Nov 2025

    690 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Top 5 Trending CVEs: 1 - CVE-2025-50165 2 - CVE-2025-6218 3 - CVE-2025-27591 4 - CVE-2025-4427 5 - CVE-2025-31161 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    22 Nov 2025

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-50165 is a critical remote code execution vulnerability (CVSS 9.8) affecting the Windows Graphics Component (windowscodecs.dll). It was discovered by Zscaler ThreatLabz in May 2025. To aid in detection, I have developed a KQL query designed to identify potential https:/

    @0x534c

    21 Nov 2025

    5658 Impressions

    15 Retweets

    66 Likes

    35 Bookmarks

    2 Replies

    1 Quote

  12. 1/6 CVE-2025-50165 (CVSS 9.8): Critical RCE in Windows Graphics Component. This isn't your typical image parsing bug—it's an untrusted pointer dereference in windowscodecs.dll that's exploitable via heap spraying + ROP chains.

    @gothburz

    21 Nov 2025

    195 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  13. CVE-2025-50165 in the Microsoft Windows Graphics Component. With a CVSS score of 9.8, this vulnerability enables attackers to execute arbitrary code using a specially crafted JPEG image that can be triggered by any application that leverages the Windows Graphics library

    @terrac1pher

    21 Nov 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-50165: Critical Flaw in Windows Graphics Component https://t.co/MkjRPCWZF5 https://t.co/IW7aUwv0al

    @raven_cybersec

    20 Nov 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Zscaler ThreatLabz has discovered CVE-2025-50165 in the Microsoft Windows Graphics Component. With a CVSS score of 9.8, this vulnerability enables attackers to execute arbitrary code using a specially crafted JPEG image that can be triggered by any application that leverages the

    @Threatlabz

    20 Nov 2025

    50367 Impressions

    135 Retweets

    468 Likes

    245 Bookmarks

    9 Replies

    12 Quotes

  16. Made it to MSRC 2025 Q3 Leaderboard ranking #9 in MSRC Office Scoreboard with #28 ranking overall. Thanks @msftsecresponse My reports. CVE-2025-59243, CVE-2025-59226, CVE-2025-50165 https://t.co/dL13SlMAly

    @ArjunGU2

    29 Oct 2025

    681 Impressions

    1 Retweet

    9 Likes

    1 Bookmark

    2 Replies

    0 Quotes

  17. Ever thought an image file could compromise your system? Here’s how CVE-2025-50165 turns pixels into poison. #cybersecurity #infosec #patchtuesday #windowssecurity https://t.co/aSFQ5QdHvG

    @ivan_windon

    26 Aug 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. ⚠️Microsoft security updates ❗CVE-2025-53766 ❗CVE-2025-50165 ❗CVE-2025-50171 ➡️More info: https://t.co/PUM5sZp4pl https://t.co/fxesUeGgL5

    @CERTpy

    19 Aug 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

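  19. What stands out this month: the code execution vulnerability triggered just by opening a web page (CVE-2025-53766), the code execution vulnerability triggered just by viewing an image (CVE-2025-50165), and the SharePoint RCE that looks likely to be exploited (CVE-2025-49712). The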

    @autumn_good_35

    13 Aug 2025

    1130 Impressions

    2 Retweets

    12 Likes

    4 Bookmarks

    1 Reply

    0 Quotes

  20. 🎨 Heads up, Windows users! A sneaky graphics flaw (CVE-2025-50165) lets attackers run wild with your code! Time to patch up and keep those digital paintbrushes safe! 🛡️ #WindowsForum #Security #PatchNow https://t.co/LhVgAP65Z8

    @windowsforum

    12 Aug 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes
