CVE-2025-50165: Critical RCE Vulnerability in Windows Graphics

Zscaler ThreatLabz discovered CVE-2025-50165, a critical remote code execution (RCE) vulnerability with a CVSS score of 9.8 affecting the Windows Graphics Component. The vulnerability in windowscodecs.dll can be exploited through malicious JPEG images, posing a significant threat to all Windows systems. ThreatLabz identified the vulnerable code path, triaged the crash, and developed a Proof-of-Concept (PoC) exploit. The exploit involves heap spraying and Return-Oriented Programming (ROP) to achieve arbitrary code execution. Microsoft released a patch on August 12, 2025, and users are advised to update their systems immediately.

Latest mentioned: 11-21

Earliest mentioned: 11-20

Sources

zscaler.com securityboulevard.com

Also Read

Water Gamayun APT Exploits MSC EvilTwin Vulnerability

Water Gamayun, an advanced persistent threat group, has launched a new multi-stage intrusion campaign exploiting the MSC EvilTwin vulnerability in Windows MMC. The attack begins with a compromised Bing search result leading to a lookalike domain, which offers a double-extension RAR file disguised as a PDF. Opening this file triggers the exploitation of CVE-2025-26633, injecting malicious code into mmc.exe. The attack chain involves heavily obfuscated PowerShell scripts, a .NET class to hide console windows, and the final payload, iTunesC.exe, which installs backdoors or information-stealing malware. The campaign is attributed to Water Gamayun based on their distinctive PowerShell obfuscation patterns, infrastructure design, and social engineering themes.

11-26Read more →