CVE-2025-36853

A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().‍ Per CWE-190: Integer Overflow or Wraparound, is when a product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172
https://www.herodevs.com/vulnerability-directory/cve-2025-21172

Configurations

No configuration.

History

08 Sep 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-08 14:15

Updated : 2025-09-08 16:25

NVD link : CVE-2025-36853

Mitre link : CVE-2025-36853

CVE.ORG link : CVE-2025-36853

JSON object : View

Products Affected

No product.

CWE

CWE-122

Heap-based Buffer Overflow

CWE-190

Integer Overflow or Wraparound

7.5 /10