CVE-2025-50165

CRITICAL

Windows 11 24H2 and Windows Server 2025 < 10.0.26100.4851 - Remote Code Execution via Untrusted Pointer Dereference

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-50165. PoCs published by encrypter15, FelineKeeper.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-50165, a Windows Graphics Component RCE vulnerability. The exploit generates a malicious JPEG file that triggers an untrusted pointer dereference in windowscodecs.dll, leading to remote code execution via a crafted ROP chain and shellcode.

Description

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

Exploits (2)

nomisec WORKING POC 7 stars

by encrypter15 · poc

https://github.com/encrypter15/CVE-2025-50165-x64-Exploit

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-50165, a Windows Graphics Component RCE vulnerability. The exploit generates a malicious JPEG file that triggers an untrusted pointer dereference in windowscodecs.dll, leading to remote code execution via a crafted ROP chain and shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Windows 11 24H2 (unpatched)

No auth needed

Prerequisites: Vulnerable Windows 11 24H2 system · Ability to deliver malicious JPEG to target

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

github WORKING POC

by FelineKeeper · pythonpoc

https://github.com/FelineKeeper/CVE-2025-50165-Windows-Graphics-Component-RCE

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2025-50165, targeting a Windows Graphics Component vulnerability in WindowsCodecs.dll. The exploit crafts a malicious JPEG file with a ROP chain and shellcode to achieve remote code execution via uninitialized pointer dereference during JPEG compression.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Windows 11 24H2 (WindowsCodecs.dll < 10.0.26100.4851)

No auth needed

Prerequisites: Vulnerable Windows 11 24H2 system without August 2025 patch · Ability to deliver and open malicious JPEG file in a WIC host application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 22, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50165

Scores

CVSS v3 9.8

EPSS 0.2353

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-822 CWE-908

Status published

Products (2)

microsoft/windows_11_24h2 < 10.0.26100.4851

microsoft/windows_server_2025 < 10.0.26100.4851

Published Aug 12, 2025

Tracked Since Feb 18, 2026