Windows Graphics flaw allows control via malicious JPEG images.
A critical remote code execution vulnerability in Microsoft’s Windows Graphics Component, designated CVE-2025-50165 and rated with a CVSS score of 9.8, allows attackers to take control of systems using specially crafted JPEG images. The flaw, discovered in May 2025 and patched in August 2025, affects several Windows versions, including Windows Server 2025 and Windows 11 Version 24H2; unpatched systems are at high risk of exploitation in phishing campaigns or ransomware attacks. The vulnerability stems from an untrusted pointer dereference in the windowscodecs.dll library, enabling arbitrary code execution without user interaction. Organizations are urged to prioritize applying the update and to implement compensating security measures against potential exploitation, underscoring the ongoing risk posed by legacy graphics handling in enterprise environments.
