Microsoft
CVE-2026-25180
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
AnalysisAI
Microsoft Graphics Component contains an out-of-bounds read vulnerability affecting Windows 10 1607, Windows Server 2019, and 2022, enabling local attackers to read sensitive information from memory. The vulnerability requires user interaction and local access, posing a confidentiality risk without offering a currently available patch. Attack complexity is low, making it a practical concern for systems running affected Office and Windows versions.
Technical ContextAI
Classified as CWE-125 (Out-of-bounds Read). Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today