AI description
CVE-2025-50168 is a type confusion vulnerability found in the Windows Win32K - ICOMP component. Disclosed on August 12, 2025, the vulnerability affects Windows 11 and Windows Server 2025. The vulnerability is due to the access of a resource using an incompatible type. Successful exploitation of this vulnerability allows an authorized attacker to elevate privileges locally. Microsoft has released security updates to address this vulnerability in affected versions of Windows 11 and Windows Server 2025.
- Description
- Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-122
- Hype score
- Not currently trending
CVE-2025-50168-pwn2own-berlin-2025/P2O at main · D4m0n/CVE-2025-50168-pwn2own-berlin-2025 · GitHub https://t.co/N197zf6HF1
@akaclandestine
9 Nov 2025
922 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
D4m0n/CVE-2025-50168-pwn2own-berlin-2025: CVE-2025-50168 Exploit PoC — Pwn2Own Berlin 2025 - LPE(Windows 11) winning bug. - https://t.co/DZgTjCsqs4
@FAMASoon
4 Nov 2025
1980 Impressions
12 Retweets
40 Likes
16 Bookmarks
0 Replies
0 Quotes
GitHub - D4m0n/CVE-2025-50168-pwn2own-berlin-2025: CVE-2025-50168 Exploit PoC — Pwn2Own Berlin 2025 winning bug. - https://t.co/8XuFEHZLoW
@piedpiper1616
3 Nov 2025
10763 Impressions
30 Retweets
137 Likes
61 Bookmarks
2 Replies
0 Quotes
🛡️ Watch out! CVE-2025-50168 lets sneaky users elevate their privileges through some "type confusion." Microsoft’s got the scoop, but details are still under wraps. Stay tuned for the full patch notes! #WindowsForum #SecurityUpdate #CVE2025 https://t.co/IG09xvLc0Y
@windowsforum
12 Aug 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-50168 Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. https://t.co/1sqys7ZeQQ
@CVEnew
12 Aug 2025
225 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B07546D0-ED2A-4B93-83E7-EA808DC39724",
"versionEndExcluding": "10.0.22621.5768"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49E4DFC9-7EB4-4577-83C0-D1E94C2A8D97",
"versionEndExcluding": "10.0.22631.5768"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6376F067-CC36-4A7B-914B-0A60EFF1AC48",
"versionEndExcluding": "10.0.26100.4851"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94E45649-92F4-4D4C-9D94-275506530222",
"versionEndExcluding": "10.0.25398.1791"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B75BE97E-C12D-4DFB-B5F2-B8BF90C3E64E",
"versionEndExcluding": "10.0.26100.4851"
}
],
"operator": "OR"
}
]
}
]