CVE-2025-21338 | MSRC Compact Detail

Severity

Important

Impact

Remote Code Execution

CVSS

7.8 base · 6.8 temporal

Release

2025-01-14

Signals

Windows Win32K - GRFX Remote Code Execution Exploited: No Publicly disclosed: No Exploitability: Exploitation Less Likely

CWE

CWE-190: Integer Overflow or Wraparound

Patch Diff

Loading module diff metadata...

Resolved binary override

Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.

Old version New version

Description

No description was published by MSRC.

FAQ / Articles

FAQ

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

FAQ

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

FAQ

Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

MSRC Fields

Module / Tag

Windows Win32K - GRFX

Release number

2025-Jan

Latest revision

2025-01-27

CNA

Microsoft

Customer action

required

Denial of service

N/A

CVSS Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

References

MSRC

Official detail

CVE Record

CVE.org

Revision History

v1.1 · 2025-01-27

Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only.

v1 · 2025-01-14

Information published.

CVE-2025-21338 · GDI+ Remote Code Execution Vulnerability