Out-of-Bounds Read in Microsoft Graphics Component Exposes Sensitive Information
CVE-2026-25180

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Office For Android; Windows 10 Version 1607; Windows 10 Version 1809; Windows 10 Version 21h2
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-25180?

The Microsoft Graphics Component has a vulnerability that enables an unauthorized attacker to exploit an out-of-bounds read. This flaw potentially allows attackers to access sensitive information on the system. Users are encouraged to apply the latest security updates to mitigate this risk.

Affected Version(s)

Microsoft Office for Android 16.0.1 < 16.0.19822.20000

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8957

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8511

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Jan 29, 2026

CVE-2026-25180 Data

JSON