CVE-2025-55698: DirectX Graphics Kernel Denial of Service Vulnerability
Overview
- Severity
- High (CVSS 7.7)
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
- Category
- Denial of Service
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2025-Oct
- Released
- 2025-10-14
- EPSS Score
- 0.18% (percentile: 39.1%)
Description
Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network.
FAQ
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.
Affected Products (6)
Windows
- Windows 11 Version 25H2 for x64-based Systems
- Windows 11 Version 25H2 for ARM64-based Systems
- Windows Server 2025 (Server Core installation)
- Windows 11 Version 24H2 for ARM64-based Systems
- Windows 11 Version 24H2 for x64-based Systems
- Windows Server 2025
Security Updates (1)
Acknowledgments
cyanbamboo
Revision History
- 2025-10-14: Information published.