Null Pointer Dereference Vulnerability in Windows DirectX by Microsoft
CVE-2025-62463

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows Server 2022; Windows 10 Version 21h2; Windows 10 Version 22h2; Windows Server 2025 (server Core Installation)
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-62463?

A null pointer dereference vulnerability in Windows DirectX enables an authorized attacker to cause a denial of service from a local context. Exploiting this vulnerability may result in instability of the application or system, leading to disruptions in service. Users should apply the latest patches and updates to mitigate this risk.

Affected Version(s)

Windows 10 Version 21H2 x64-based Systems 10.0.19044.0 < 10.0.19044.6691

Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.6691

Windows 11 version 22H3 ARM64-based Systems 10.0.22631.0 < 10.0.22631.6345

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Oct 14, 2025

JSON