Information Disclosure Vulnerability in Microsoft Graphics Component
CVE-2025-64670

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows Server 2022; Windows 10 Version 21h2; Windows 10 Version 22h2; Windows Server 2025 (server Core Installation)
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-64670?

The vulnerability in Microsoft Graphics Component could enable an attacker to disclose sensitive information over a network. This exposure arises due to improper validation of certain inputs, allowing unauthorized actors to potentially access confidential data held within the system. Users are advised to remain vigilant and apply any security updates provided by Microsoft to mitigate this risk.

Affected Version(s)

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6691

Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.6691

Windows 11 version 22H3 ARM64-based Systems 10.0.22631.0 < 10.0.22631.6345

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Nov 6, 2025

JSON