What is the CVSS score of CVE-2025-32712?

CVE-2025-32712 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of Windows are affected by CVE-2025-32712?

CVE-2025-32712 is a use-after-free vulnerability in Windows Win32K graphics subsystem that enables authenticated local attackers to execute arbitrary code and escalate privileges to system level,…. A patch is available.

How to fix or mitigate CVE-2025-32712?

Within 24 hours: Identify all Windows systems running affected Win32K versions using vulnerability scanning tools and create an inventory prioritizing systems with sensitive data access or elevated user privileges. Within 7 days: Apply vendor-released patch to all identified systems, prioritizing domain administrators, developers, and systems with administrative users. Within 30 days: Complete patch deployment across all Windows endpoints; validate remediation through scanning confirmation and verify no systems remain on unpatched Win32K versions.

Windows CVE-2025-32712

EUVD-2025-17784 HIGH

Use After Free (CWE-416)

2025-06-10 secure@microsoft.com

Windows Privilege Escalation Use After Free Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server 2022 23h2 Windows Server 2025

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:42 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

6.1.7601.27769,6.2.9200.25522,6.3.9600.22620

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17784

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

CVE Published

Jun 10, 2025 - 17:21 nvd

HIGH 7.8

DescriptionNVD

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

AnalysisAI

Use-after-free vulnerability in the Windows Win32K graphics subsystem (GRFX component) that allows a locally authenticated attacker to achieve arbitrary code execution and privilege escalation without user interaction. The vulnerability affects Windows systems with affected Win32K versions and carries a CVSS score of 7.8 (high severity). Given the local attack vector requirement and the need for prior authentication, real-world exploitation is constrained to insider threats or attackers who have already achieved initial access; however, the severity of the impact (complete system compromise) makes this a critical priority for patching.

Technical ContextAI

Win32K (win32k.sys) is the core Windows kernel-mode graphics and windowing subsystem responsible for rendering, window management, and DirectX operations. The vulnerability exists in the GRFX (graphics) component of Win32K, which handles graphics device interface (GDI) operations and graphics buffer management. CWE-416 (Use After Free) indicates that the vulnerability stems from accessing memory that has been deallocated—specifically, the graphics subsystem likely frees a graphics object (such as a bitmap, device context, or font handle) but fails to properly invalidate all references to it, allowing an attacker to manipulate or read the freed memory. This is a classic kernel memory corruption vulnerability in a privileged subsystem, making exploitation particularly dangerous as it can lead to kernel code execution.

RemediationAI

Apply Microsoft's security patch immediately via Windows Update or WSUS for affected OS versions. 2. For systems that cannot be patched immediately, implement access controls to restrict local login capabilities to trusted users only. 3. Disable unnecessary graphics-intensive services if possible in headless/server environments. 4. Monitor for suspicious Win32K-related process behavior, kernel crashes, or unexpected privilege escalation attempts. 5. Escalate patch deployment for systems with high-risk user populations (developers, contractors, shared systems). 6. Verify patch application by checking win32k.sys file version and confirming KB article installation. Specific patch KB numbers and download links should be obtained from Microsoft Security Update Guide (portal.msrc.microsoft.com).

More from same product – last 7 days

CVE-2026-10044 HIGH This Week POC

8.2 May 28

{filename} endpoint. The flawed traversal guard only rejects forward slashes and '..' sequences, so absolute Windows pat

CVE-2026-40412 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil

CVE-2026-41104 CRITICAL Monitor

10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal

CVE-2026-23652 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-

CVE-2026-47280 CRITICAL Monitor

10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti

CVE-2025-32712 vulnerability details – vuln.today

Back

Windows CVE-2025-32712

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code