Home > Security > Security News

Windows GDI Flaws Expose Systems to Critical Threats, Including RCE and Data Leaks

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Microsoft

Three security flaws tracked as CVE-2025-30388, CVE-2025-53766, and CVE-2025-47984 within the Windows Graphics Device Interface (GDI), a core component of the operating system, could allow attackers to execute arbitrary code or access sensitive information on affected systems. 

Remote Code Execution and Memory Exposure Risks

The identified issues highlight persistent risks in how Windows processes graphical elements, particularly within Enhanced Metafile (EMF) formats, according to a recent Check Point Research (CPR) report.

The most severe of the discovered flaws, CVE-2025-53766, is rated critical and could enable remote code execution (RCE). This vulnerability can be exploited over a network without requiring any user interaction, making it a high-risk threat, especially for web services that parse specially crafted EMF+ metafile images. 

Decompiled source code of the ScanOperation::AlphaDivide_sRGB() function
Decompiled source code of the ScanOperation::AlphaDivide_sRGB() function | Source: CPR

Another vulnerability, CVE-2025-30388, was found to be an out-of-bounds write issue that could also lead to RCE. 

The third flaw, CVE-2025-47984, allows for memory exposure due to an incomplete patch for a previously identified vulnerability (CVE-2022-35837), leading to information disclosure. The research demonstrated that malformed RECT objects in EMF records could trigger these dangerous memory operations.

Microsoft Security Patches Address Flaws

Microsoft released patches to address all three vulnerabilities. The fixes were included in the monthly Microsoft security patches released in May, July, and August 2025. 

The updates correct the flawed logic in GdiPlus.dll and gdi32full.dll by introducing proper validation checks for graphic object dimensions and correcting offset arithmetic to prevent out-of-bounds memory access. 

Users are strongly advised to ensure their systems are updated with these latest security patches to mitigate the risks posed by these vulnerabilities.

Last month, security researchers discovered that a critical Redis RCE vulnerability, CVE-2025-49844, exploits a 13-year-old UAF bug.

Add a Comment
Related
Police - Plane - Man
Jabber Zeus Developer 'MrICQ' in US Custody After Extradition from Italy
Cybercrime Landscape
From Spyware to Infrastructure Attacks: A Week of Crackdowns and Cyber Resilience
Nintendo Secures Legal Victory in Piracy Lawsuit Against EveryGameGuru, Streamer to Pay $17,500 in Damages
Employee - Laptop - Hacker
China-Linked Hacking Group Targets European Diplomatic Entities in Espionage Campaign
Police - Hacker - Arrest - Handcuffs
Meduza Infostealer Developers Arrested in Russian Authorities’ Crackdown
EU Proposes New Measures for Google, Meta, Microsoft, X, and TikTok to Combat Hybrid Threats
Most Popular
Police - Plane - Man
Jabber Zeus Developer 'MrICQ' in US Custody After Extradition from Italy
Cybercrime Landscape
From Spyware to Infrastructure Attacks: A Week of Crackdowns and Cyber Resilience
Nintendo Secures Legal Victory in Piracy Lawsuit Against EveryGameGuru, Streamer to Pay $17,500 in Damages
Employee - Laptop - Hacker
China-Linked Hacking Group Targets European Diplomatic Entities in Espionage Campaign
Police - Hacker - Arrest - Handcuffs
Meduza Infostealer Developers Arrested in Russian Authorities’ Crackdown
EU Proposes New Measures for Google, Meta, Microsoft, X, and TikTok to Combat Hybrid Threats
Jabber Zeus Developer 'MrICQ' in US Custody After Extradition from Italy
From Spyware to Infrastructure Attacks: A Week of Crackdowns and Cyber Resilience
Nintendo Secures Legal Victory in Piracy Lawsuit Against EveryGameGuru, Streamer to Pay $17,500 in Damages
China-Linked Hacking Group Targets European Diplomatic Entities in Espionage Campaign
Meduza Infostealer Developers Arrested in Russian Authorities’ Crackdown
EU Proposes New Measures for Google, Meta, Microsoft, X, and TikTok to Combat Hybrid Threats

Most Popular
Police - Plane - Man
Jabber Zeus Developer 'MrICQ' in US Custody After Extradition from Italy
Cybercrime Landscape
From Spyware to Infrastructure Attacks: A Week of Crackdowns and Cyber Resilience
Nintendo Secures Legal Victory in Piracy Lawsuit Against EveryGameGuru, Streamer to Pay $17,500 in Damages
Employee - Laptop - Hacker
China-Linked Hacking Group Targets European Diplomatic Entities in Espionage Campaign
Police - Hacker - Arrest - Handcuffs
Meduza Infostealer Developers Arrested in Russian Authorities’ Crackdown
EU Proposes New Measures for Google, Meta, Microsoft, X, and TikTok to Combat Hybrid Threats
Jabber Zeus Developer 'MrICQ' in US Custody After Extradition from Italy
From Spyware to Infrastructure Attacks: A Week of Crackdowns and Cyber Resilience
Nintendo Secures Legal Victory in Piracy Lawsuit Against EveryGameGuru, Streamer to Pay $17,500 in Damages
China-Linked Hacking Group Targets European Diplomatic Entities in Espionage Campaign
Meduza Infostealer Developers Arrested in Russian Authorities’ Crackdown
EU Proposes New Measures for Google, Meta, Microsoft, X, and TikTok to Combat Hybrid Threats

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: