CVE-2025-50168 PoC — Win32k Elevation of Privilege Vulnerability

Source

https://github.com/D4m0n/CVE-2025-50168-pwn2own-berlin-2025

Associated Vulnerability

Title:Win32k Elevation of Privilege Vulnerability (CVE-2025-50168)
Description:Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Description

CVE-2025-50168 Exploit PoC — Pwn2Own Berlin 2025 - LPE(Windows 11) winning bug.

Readme

Author: [D4m0n](https://x.com/d4m0n_8)

# CVE-2025-50168
This is an exploit submitted to **Pwn2Own Berlin 2025 - LPE Category**.
The vulnerability occurs in `Win32kbase!DirectComposition`, and further details can be found in the [blog post](https://www.oobs.io/posts/four-bytes-one-lie).

## Acknowledgements
- **kASLR bypass technique:** [prefetch-tool](https://github.com/exploits-forsale/prefetch-tool) by [carrot_c4k3](https://mastodon.social/@carrot_c4k3)
- **Special thanks to:** David & Louis of [Out of Bounds](https://oobs.io/)

## Disclaimer
This repository is for educational and research purposes only and must not be used for malicious purposes. Use of the materials for unauthorized or illegal activity is strictly prohibited.

File Snapshot


 [4.0K]  /data/pocs/97dce5df3abe71d42f2c08504de41c1f311e0f74
├── [4.0K]  P2O
│   ├── [6.4K]  dcomp.h
│   ├── [ 11K]  ioring.h
│   ├── [ 28K]  main.cpp
│   ├── [1.2K]  P2O.sln
│   ├── [7.4K]  P2O.vcxproj
│   ├── [1.3K]  P2O.vcxproj.filters
│   ├── [1.2K]  prefetch_asm.asm
│   └── [ 17K]  prefetch_leak.h
└── [ 742]  README.md

2 directories, 9 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!