CVE-2025-53799

MEDIUM

Windows Imaging Component - Info Disclosure

Title source: llm
STIX 2.1

Description

Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

References (1)

Scores

CVSS v3 5.5
EPSS 0.0011
EPSS Percentile 28.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-908
Status published
Products (18)
microsoft/office < 16.0.19220.20000
microsoft/windows_10_1507 < 10.0.10240.21128 (2 CPE variants)
microsoft/windows_10_1607 < 10.0.14393.8422 (2 CPE variants)
microsoft/windows_10_1809 < 10.0.17763.7792 (2 CPE variants)
microsoft/windows_10_21h2 < 10.0.19044.6332
microsoft/windows_10_22h2 < 10.0.19045.6332
microsoft/windows_11_22h2 < 10.0.22621.5909
microsoft/windows_11_23h2 < 10.0.22631.5909
microsoft/windows_11_24h2 < 10.0.26100.6508
microsoft/windows_server_2008 (2 CPE variants)
... and 8 more
Published Sep 09, 2025
Tracked Since Feb 18, 2026