CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2025-55228 | Windows Graphics Component Remote Code Execution Vulnerability | Windows 10, Windows 11, Windows Server | Critical | 06-10-2025 |
Technical Information
An authorized attacker can exploit a race condition caused by concurrent execution using a shared resource in Windows Win32K-GRFX by running a specially crafted application or convincing a local user to open a malicious file, ultimately allowing local code execution that could lead to remote code execution on the Hyper-V host.
Patch release date: Sep 09, 2025
Further information on this vulnerability is available at : CVE-2025-55228
Affected Software
Windows Server 2022,Windows Server 2022 (Server Core installation),
Windows 10 Version 21H2 for x64-based Systems,
Windows 11 Version 22H2 for ARM64-based Systems,
Windows 11 Version 22H2 for x64-based Systems,
Windows 10 Version 22H2 for x64-based Systems,
Windows Server 2025 (Server Core installation),
Windows 11 Version 23H2 for ARM64-based Systems,
Windows 11 Version 23H2 for x64-based Systems,
Windows Server 2022, 23H2 Edition (Server Core installation),
Windows 11 Version 24H2 for ARM64-based Systems,
Windows 11 Version 24H2 for x64-based Systems,
Windows Server 2025