CVE-2025-62465
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-10
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | directx | * |
| microsoft | windows_11_23h2 | to 10.0.22631.6345 (inc) |
| microsoft | windows_server_2022_23h2 | to 10.0.25398.2025 (inc) |
| microsoft | windows_11_24h2 | to 10.0.26100.7392 (inc) |
| microsoft | windows_11_25h2 | to 10.0.26200.7392 (inc) |
| microsoft | windows_server_2025 | to 10.0.26100.7392 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a null pointer dereference in Windows DirectX that allows an authorized local attacker to cause a denial of service.
How can this vulnerability impact me? :
An authorized local attacker can exploit this vulnerability to cause a denial of service, potentially making the affected system or application unavailable.
What immediate steps should I take to mitigate this vulnerability?
Apply the security updates provided by Microsoft as soon as they become available to address the null pointer dereference in Windows DirectX. Since the vulnerability requires local authorized access, ensure that only trusted users have access to the affected systems and monitor for any unusual local activity that could indicate exploitation attempts. [1]