CVE-2025-21382 is an elevation of privilege vulnerability identified in the Windows Graphics Component. This flaw arises from improper handling of memory buffers within the graphics libraries, potentially allowing attackers to execute arbitrary code with elevated privileges. By exploiting this vulnerability, an attacker could gain unauthorized access to sensitive system resources, leading to a complete system compromise. (cve.news)
Affected Systems:
The vulnerability impacts various versions of Windows, including:
- Windows 10 Version 1809
- Windows Server 2019
- Windows Server 2022
- Windows 10 Version 21H2
- Windows 11 Version 22H2
- Windows 10 Version 22H2
- Windows Server 2025
- Windows 11 Version 22H3
- Windows 11 Version 23H2
- Windows Server 2022, 23H2 Edition
- Windows 11 Version 24H2
(notcve.org)
The vulnerability has been assigned a CVSS v3.1 base score of 7.8, indicating a high severity level. The CVSS metrics are as follows:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
(notcve.org)
To address this vulnerability, Microsoft has released security updates. Users and administrators are strongly advised to apply these updates promptly to protect their systems from potential exploitation. (nvd.nist.gov)
For detailed information and guidance, refer to the official Microsoft Security Advisory: (nvd.nist.gov)
Source: MSRC Security Update Guide - Microsoft Security Response Center
