CVE-2025-50172: 
vulnerability analysis and mitigation

CVE-2025-50172 is a vulnerability in Windows DirectX that was disclosed on August 12, 2025. The vulnerability stems from allocation of resources without limits or throttling, which allows an authorized attacker to deny service over a network. This affects multiple versions of Windows including Windows 10, Windows 11, and Windows Server editions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium), with attack vector being Network (N), attack complexity Low (L), privileges required Low (PR), no user interaction needed (UI:N), unchanged scope (S:U), no impact on confidentiality (C:N) and integrity (I:N), but high impact on availability (A:H). The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) (NVD).

The primary impact of this vulnerability is on system availability. When successfully exploited, it can lead to denial of service conditions, affecting the normal operation of the Windows DirectX service. The attack requires network access and low-level privileges to execute (NVD).

Microsoft has released security updates to address this vulnerability. The affected systems include Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 22H2, 23H2, 24H2), Windows Server 2019, Windows Server 2022, Windows Server 2022 23H2, and Windows Server 2025. Users are advised to apply the latest security updates to mitigate this vulnerability (Microsoft).