PatchSiren cyber security CVE debrief
CVE-2025-21338 Microsoft CVE debrief
A remote code execution vulnerability exists in Microsoft GDI+ (Graphics Device Interface Plus), the Windows component responsible for rendering images and graphics. The vulnerability allows an attacker to execute arbitrary code on affected systems. The CVSS v3.1 score of 7.8 (HIGH) reflects a local attack vector with low attack complexity and no user interaction required. The vulnerability was published on January 14, 2025, and last modified on May 19, 2026. Microsoft has released patches addressing this issue across multiple product lines.
- Vendor: Microsoft
- Product: Microsoft Office for Android
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-01-14
- Original CVE updated: 2026-05-19
- Advisory published: 2025-01-14
- Advisory updated: 2026-05-19
Who should care
Organizations running Windows workstations and servers, enterprises with Office deployments across mobile and desktop platforms, security teams responsible for patch management, and developers building applications that rely on GDI+ for image processing.
Technical summary
The vulnerability exists in Microsoft GDI+, the graphics rendering subsystem used by Windows and Office applications for processing images. An attacker with local access can exploit this flaw to execute arbitrary code with elevated privileges. The attack complexity is low and no user interaction is required. The vulnerability stems from an integer overflow condition (CWE-190) in image processing operations. Affected platforms span client Windows versions (Windows 10 and 11), Windows Server editions (2008 through 2025), and cross-platform Office applications (iOS, Android, macOS, and Universal Windows Platform).
Defensive priority
high
Recommended defensive actions
- Apply Microsoft security updates for affected Windows and Office versions as listed in the Microsoft Security Response Center advisory
- Prioritize patching systems running Windows 10, Windows 11, and Windows Server versions that process untrusted image files
- For Office mobile and desktop applications, update to patched versions: iOS 2.93.24123014 or later, Universal 16.0.14326.22175 or later, Android 16.0.18429.20000 or later, macOS 16.93.25011212 or later
- Review and restrict processing of untrusted image files in GDI+-dependent applications until patches are deployed
- Monitor for suspicious activity involving image rendering operations on unpatched systems
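The patched Office builds listed above are only useful if installed builds are compared numerically rather than as strings. The following is an added Python example (not Microsoft's or PatchSiren's code) that checks constructed inventory records against those minimums; the platform keys, record field names and sample hosts are assumptions, while the build numbers are the ones given in the recommended actions.

```python
from typing import Dict, List, Tuple

# Added example for this debrief (not Microsoft's or PatchSiren's code).
# Minimum patched Office builds per platform, taken from the recommended
# actions above; platform keys and record field names are assumptions.
PATCHED_MINIMUMS: Dict[str, str] = {
    "ios": "2.93.24123014",
    "universal": "16.0.14326.22175",
    "android": "16.0.18429.20000",
    "macos": "16.93.25011212",
}

def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted build string into integers so ordering is numeric.
    Comparing the raw strings would rank '16.0.9000' above '16.0.18429'."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)

def is_patched(platform: str, installed: str) -> bool:
    """True when the installed build meets or exceeds the patched minimum.
    Unknown platforms raise rather than being silently reported as patched."""
    key = platform.lower()
    if key not in PATCHED_MINIMUMS:
        raise KeyError(f"no patched minimum recorded for {platform!r}")
    # Tuple comparison is element-wise, so a missing trailing component
    # (e.g. '16.0') sorts below '16.0.1' instead of matching it.
    return parse_version(installed) >= parse_version(PATCHED_MINIMUMS[key])

def find_unpatched(inventory: List[Dict[str, str]]) -> List[str]:
    """Hostnames whose reported Office build is below the patched minimum."""
    return [r["host"] for r in inventory
            if not is_patched(r["platform"], r["version"])]

# Constructed inventory records for demonstration only.
SAMPLE_INVENTORY = [
    {"host": "tablet-01", "platform": "android", "version": "16.0.18429.20000"},
    {"host": "tablet-02", "platform": "android", "version": "16.0.9000.20000"},
    {"host": "mac-03", "platform": "macos", "version": "16.94.25020100"},
    {"host": "phone-04", "platform": "ios", "version": "2.92.24110000"},
]

if __name__ == "__main__":
    for host in find_unpatched(SAMPLE_INVENTORY):
        print(f"UNPATCHED: {host}")
```

Feeding real inventory exports into `find_unpatched` in place of the constructed records gives a quick list of hosts still below the advisory's minimum builds.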
Evidence notes
CVE published 2025-01-14; modified 2026-05-19. CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Affected products include Windows 10 (versions 1507 through 22H2), Windows 11 (versions 22H2 through 24H2), Windows Server 2008 through 2025, and Office applications on iOS, Android, macOS, and Universal platforms. CWE-190 (Integer Overflow or Wraparound) was identified by Microsoft as the secondary weakness.
Official resources
- CVE-2025-21338 CVE record (CVE.org)
- CVE-2025-21338 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] (Patch, Vendor Advisory)
Microsoft disclosed this vulnerability through its Security Response Center with patches available. The vulnerability affects a wide range of Windows versions and Office applications, indicating a significant attack surface.