MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-60724

🚨 CRITICAL

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

Published
Nov 11, 2025
Last Modified
Nov 17, 2025
Views
9
Bookmarks
0

Description

Request Expert Review

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

Affected Products (22)

microsoft - office

Version: *

microsoft - office_long_term_servicing_channel

Version: 2021

microsoft - office_long_term_servicing_channel

Version: 2024

microsoft - windows_10_1607

Version: *

microsoft - windows_10_1607

Version: *

microsoft - windows_10_1809

Version: *

microsoft - windows_10_1809

Version: *

microsoft - windows_10_21h2

Version: *

microsoft - windows_10_22h2

Version: *

microsoft - windows_11_23h2

Version: *

microsoft - windows_11_24h2

Version: *

microsoft - windows_11_25h2

Version: *

microsoft - windows_server_2008

Version: -

microsoft - windows_server_2008

Version: -

microsoft - windows_server_2008

Version: r2

microsoft - windows_server_2012

Version: -

microsoft - windows_server_2012

Version: r2

microsoft - windows_server_2016

Version: *

microsoft - windows_server_2019

Version: *

microsoft - windows_server_2022

Version: *

microsoft - windows_server_2022_23h2

Version: *

microsoft - windows_server_2025

Version: *

CVSS Scores

CVSS 3.1 9.8
9.8
CRITICAL
CVSS 2.0 9.8

References

msrc.microsoft.com

Additional Information

Source
secure@microsoft.com
State
Analyzed

Related CVEs

CVE-2025-14705

CRITICAL

A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulatio...

Score: 9.8

CVE-2025-14704

HIGH

A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The ma...

Score: 7.3

CVE-2025-67906

MEDIUM

In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.

Score: 5.4

CVE-2025-14703

MEDIUM

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST...

Score: 5.3

CVE-2025-14702

MEDIUM

A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashAct...

Score: 4.4

CVE-2025-13740

MEDIUM

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `lightweight-accordion` shortcode in all...

Score: 6.4

Share CVE-2025-60724

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-60724 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis