CVE-2025-50168

Published Aug 12, 2025

Last updated 7 months ago

CVSS high 7.8
Windows Win32K
ICOMP

Overview

Description
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-122

Social media

Hype score
Not currently trending

  1. ''GitHub - D4m0n/CVE-2025-50168-pwn2own-berlin-2025: CVE-2025-50168 Exploit PoC — Pwn2Own Berlin 2025 - LPE(Windows 11) winning bug.'' #infosec #pentest #redteam #blueteam https://t.co/HA4tMCNFLZ

    @CyberWarship

    26 Nov 2025

    7260 Impressions

    25 Retweets

    85 Likes

    44 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-50168-pwn2own-berlin-2025/P2O at main · D4m0n/CVE-2025-50168-pwn2own-berlin-2025 · GitHub https://t.co/N197zf6HF1

    @akaclandestine

    9 Nov 2025

    922 Impressions

    1 Retweet

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  3. D4m0n/CVE-2025-50168-pwn2own-berlin-2025: CVE-2025-50168 Exploit PoC — Pwn2Own Berlin 2025 - LPE(Windows 11) winning bug. - https://t.co/DZgTjCsqs4

    @FAMASoon

    4 Nov 2025

    1980 Impressions

    12 Retweets

    40 Likes

    16 Bookmarks

    0 Replies

    0 Quotes

  4. GitHub - D4m0n/CVE-2025-50168-pwn2own-berlin-2025: CVE-2025-50168 Exploit PoC — Pwn2Own Berlin 2025 winning bug. - https://t.co/8XuFEHZLoW

    @piedpiper1616

    3 Nov 2025

    10763 Impressions

    30 Retweets

    137 Likes

    61 Bookmarks

    2 Replies

    0 Quotes

  5. 🛡️ Watch out! CVE-2025-50168 lets sneaky users elevate their privileges through some "type confusion." Microsoft’s got the scoop, but details are still under wraps. Stay tuned for the full patch notes! #WindowsForum #SecurityUpdate #CVE2025 https://t.co/IG09xvLc0Y

    @windowsforum

    12 Aug 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-50168 Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. https://t.co/1sqys7ZeQQ

    @CVEnew

    12 Aug 2025

    225 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.CVE-2026-26111
  2. Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.CVE-2026-25190
  3. Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.CVE-2026-25187
  4. Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.CVE-2026-25188
  5. Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally.CVE-2026-25186

References

Sources include official advisories and independent security research.