CVE-2025-50172 is a vulnerability classified under CWE-770 (Allocation of Resources Without Limits or Throttling) affecting Microsoft Windows 10 Version 1809, specifically version 10.0.17763.0. The issue resides in the Windows DirectX component, where resource allocation occurs without adequate limits or throttling mechanisms. This flaw allows an authorized attacker—meaning one with some level of access privileges but no user interaction required—to initiate a denial of service (DoS) attack over a network. The attacker can exploit this by sending crafted requests that cause the system to allocate excessive resources, leading to exhaustion and service disruption. The CVSS v3.1 base score is 6.5 (medium severity), with vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C, indicating network attack vector, low attack complexity, required privileges, no user interaction, unchanged scope, no confidentiality or integrity impact, but high impact on availability. The exploitability is considered moderate due to the need for privileges, but the lack of user interaction and low complexity make it a viable threat. No known exploits are currently reported in the wild, and no patches have been published at the time of analysis. The vulnerability could be leveraged in environments where Windows 10 Version 1809 systems are exposed to network access and use DirectX, potentially impacting services relying on these systems.

For European organizations, the primary impact is a denial of service condition that can disrupt availability of critical systems running Windows 10 Version 1809 with DirectX components. This can affect enterprise environments, public sector institutions, and industrial control systems that have not upgraded beyond this Windows version. The disruption could lead to operational downtime, loss of productivity, and potential cascading effects in networked environments. Since confidentiality and integrity are not impacted, data breaches are unlikely, but service interruptions could affect customer-facing applications and internal workflows. Organizations relying on legacy Windows 10 1809 deployments, especially in sectors like manufacturing, healthcare, and government, may face increased risk. The lack of available patches increases exposure until mitigations or upgrades are applied. The medium severity suggests that while the threat is significant, it is not critical, but the ease of exploitation and potential for widespread impact in unpatched environments warrant attention.

1. Prioritize upgrading affected systems from Windows 10 Version 1809 to a supported and patched Windows version to eliminate the vulnerability. 2. Implement network segmentation and restrict access to systems running the vulnerable version, limiting exposure to authorized and trusted users only. 3. Monitor resource usage on systems with DirectX components to detect abnormal allocation patterns indicative of exploitation attempts. 4. Apply strict access controls and privilege management to minimize the number of users with the required privileges to exploit this vulnerability. 5. Employ intrusion detection and prevention systems (IDS/IPS) tuned to detect unusual network traffic patterns targeting DirectX services. 6. Maintain up-to-date backups and incident response plans to recover quickly from potential denial of service incidents. 7. Stay informed on Microsoft’s security advisories for the release of patches or workarounds and apply them promptly once available.