CVE-2025-53799

Description

Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Unchanged

Changed

Affected products

Microsoft / Microsoft Office for Android16.0.1 – 16.0.19220.20000
Microsoft / Windows 10 Version 150710.0.10240.0 – 10.0.10240.21128
Microsoft / Windows 10 Version 160710.0.14393.0 – 10.0.14393.8422
Microsoft / Windows 10 Version 180910.0.17763.0 – 10.0.17763.7792
Microsoft / Windows 10 Version 21H210.0.19044.0 – 10.0.19044.6332
Microsoft / Windows 10 Version 22H210.0.19045.0 – 10.0.19045.6332
Microsoft / Windows 11 version 22H210.0.22621.0 – 10.0.22621.5909
Microsoft / Windows 11 version 22H310.0.22631.0 – 10.0.22631.5909
Microsoft / Windows 11 version 23H210.0.22631.0 – 10.0.22631.5909
Microsoft / Windows 11 Version 24H210.0.26100.0 – 10.0.26100.6584
Microsoft / Windows Server 2008 R2 Service Pack 16.1.7601.0 – 6.1.7601.27929
Microsoft / Windows Server 2008 R2 Service Pack 1 (Server Core installation)6.1.7601.0 – 6.1.7601.27929
Microsoft / Windows Server 2008 Service Pack 26.0.6003.0 – 6.0.6003.23529
Microsoft / Windows Server 2008 Service Pack 2 (Server Core installation)6.0.6003.0 – 6.0.6003.23529
Microsoft / Windows Server 20126.2.9200.0 – 6.2.9200.25675
Microsoft / Windows Server 2012 R26.3.9600.0 – 6.3.9600.22774
Microsoft / Windows Server 2012 R2 (Server Core installation)6.3.9600.0 – 6.3.9600.22774
Microsoft / Windows Server 2012 (Server Core installation)6.2.9200.0 – 6.2.9200.25675
Microsoft / Windows Server 201610.0.14393.0 – 10.0.14393.8422
Microsoft / Windows Server 2016 (Server Core installation)10.0.14393.0 – 10.0.14393.8422
Microsoft / Windows Server 201910.0.17763.0 – 10.0.17763.7792
Microsoft / Windows Server 2019 (Server Core installation)10.0.17763.0 – 10.0.17763.7792
Microsoft / Windows Server 202210.0.20348.0 – 10.0.20348.4171
Microsoft / Windows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 – 10.0.25398.1849
Microsoft / Windows Server 202510.0.26100.0 – 10.0.26100.6584
Microsoft / Windows Server 2025 (Server Core installation)10.0.26100.0 – 10.0.26100.6584

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53799