CVE-2025-47980

6.2 MEDIUM

📋 TL;DR

This vulnerability in Windows Imaging Component allows local attackers to read sensitive information they are not authorized to access. It affects Windows systems where an attacker has local access to the machine. The vulnerability enables information disclosure without requiring elevated privileges.

💻 Affected Systems

Products:
  • Windows Imaging Component
Versions: Specific versions not yet detailed in public advisory
Operating Systems: Windows 10, Windows 11, Windows Server 2016+, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations of Windows where Windows Imaging Component is present. Component is used for image processing and rendering.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with local access could extract sensitive system information, user data, or credentials stored in memory, potentially leading to privilege escalation or lateral movement.

🟠 Likely Case

Local user or malware could read sensitive information from other processes or system components, compromising data confidentiality.

🟢 If Mitigated

With proper access controls and limited local user privileges, impact is reduced to minimal information disclosure.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring attacker access to the system.
🏢 Internal Only: MEDIUM - Internal users or compromised accounts could exploit this to gather sensitive information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access to the system. No authentication bypass needed but attacker must have some level of local access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47980

Restart Required: Yes

Instructions:

1. Open Windows Update Settings.
2. Click 'Check for updates'.
3. Install all available security updates.
4. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict Local User Privileges

Limit local user accounts to standard user privileges to reduce attack surface

Disable Unnecessary Image Processing

Restrict use of Windows Imaging Component for non-essential applications

🧯 If You Can't Patch

  • Implement strict access controls and least privilege principles for all user accounts
  • Monitor for unusual local process activity and information access attempts

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for missing security patches related to CVE-2025-47980

Check Version:

wmic qfe list | findstr KB

Verify Fix Applied:

Verify the latest Windows security updates are installed and system has been restarted

📡 Detection & Monitoring

Log Indicators:

  • Unusual process access to imaging components
  • Multiple failed attempts to access protected memory regions

Network Indicators:

  • Not applicable - local vulnerability only

SIEM Query:

EventID=4688 AND (ProcessName contains 'imaging' OR ProcessName contains 'wic') AND AccessMask includes 'READ_CONTROL'
