Heap-based Buffer Overflow in Windows Win32K Graphics Component
CVE-2025-30388

7.8 HIGH

What is CVE-2025-30388?

A heap-based buffer overflow exists in the Windows Win32K graphics component. An unauthorized attacker can exploit it to execute code locally, which could compromise system security. Users and administrators should stay informed about this issue and apply the necessary updates to mitigate potential risks.

Affected Version(s)

Microsoft Office for Android Unknown 16.0.1 < 16.0.18827.20000

Microsoft Office for Universal Unknown 16.0.1 < 16.0.14326.22502

Microsoft Office LTSC for Mac 2021 Unknown 16.0.1 < 16.97.25042725

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
