CVE-2025-53799

Q: What is the severity of CVE-2025-53799?

CVE-2025-53799 has a CVSS score of 5.5 (MEDIUM). CVE-2025-53799 is an information disclosure vulnerability in Windows Imaging Component where uninitialized memory resources can be accessed by a local attacker. This allows reading of potentially sensitive data from system memory. Only Windows systems with the vulnerable component are affected.

5.5 MEDIUM

📋 TL;DR

CVE-2025-53799 is an information disclosure vulnerability in Windows Imaging Component where uninitialized memory resources can be accessed by a local attacker. This allows reading of potentially sensitive data from system memory. Only Windows systems with the vulnerable component are affected.

💻 Affected Systems

Products:

Windows Imaging Component

Versions: Specific versions not yet detailed in public advisory

Operating Systems: Windows 10, Windows 11, Windows Server 2016+, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: Requires local access to the system. Component is part of default Windows installations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could read sensitive information from kernel memory, potentially exposing credentials, encryption keys, or other protected data.

🟠

Likely Case

Limited information disclosure of non-critical memory contents, possibly revealing system state or application data.

🟢

If Mitigated

With proper access controls and patching, impact is minimal as it requires local access and specific conditions.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring attacker access to the system.

🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to gather information about the system.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and specific conditions to trigger the uninitialized resource access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53799

Restart Required: No

Instructions:

1. Open Windows Update settings. 2. Check for updates. 3. Install all security updates. 4. Verify update installation in Update History.

🔧 Temporary Workarounds

Restrict local access

all

Limit local user access to systems where patching is not immediately possible

🧯 If You Can't Patch

Implement strict access controls to limit local user privileges
Monitor for suspicious local activity and memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for missing security patches related to Windows Imaging Component

Check Version:

wmic qfe list brief | findstr /i "KB"

Verify Fix Applied:

Verify the latest security updates are installed via Windows Update settings

📡 Detection & Monitoring

Log Indicators:

Unusual process access to imaging components
Failed attempts to access protected memory regions

Network Indicators:

Not applicable - local vulnerability

SIEM Query:

Process creation events involving imaging components with unusual parent processes

📊 Metadata

CVE ID: CVE-2025-53799

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: CWE-908

EPSS Score: 0.09% exploit probability (24.5th percentile)

Published: September 9, 2025

Last Updated: October 2, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53799 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Office by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

Windows Server 2025 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict local access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities