Windows Server 2025
by Microsoft
CVEs (1,296)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-30397 | 0.17 | — | 0.22 | KEV | May 13, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-24054 | 0.16 | — | 0.59 | KEV | Mar 11, 2025 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-62215 | 0.15 | — | 0.06 | KEV | Nov 11, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-21513 | 0.14 | — | 0.15 | KEV | Feb 10, 2026 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-21533 | 0.14 | — | 0.04 | KEV | Feb 10, 2026 | Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-21525 | 0.13 | — | 0.05 | KEV | Feb 10, 2026 | Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. | ||
| CVE-2025-21418 | 0.13 | — | 0.01 | KEV | Feb 11, 2025 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||
| CVE-2025-21335 | 0.13 | — | 0.01 | KEV | Jan 14, 2025 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | ||
| CVE-2026-21510 | 0.12 | — | 0.26 | KEV | Feb 10, 2026 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-21519 | 0.12 | — | 0.02 | KEV | Feb 10, 2026 | Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-20805 | 0.12 | — | 0.05 | KEV | Jan 13, 2026 | Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally. | ||
| CVE-2025-62221 | 0.12 | — | 0.02 | KEV | Dec 9, 2025 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59230 | 0.12 | — | 0.03 | KEV | Oct 14, 2025 | Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-24990 | 0.12 | — | 0.06 | KEV | Oct 14, 2025 | Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax… | ||
| CVE-2025-32709 | 0.12 | — | 0.02 | KEV | May 13, 2025 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-32706 | 0.12 | — | 0.02 | KEV | May 13, 2025 | Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-32701 | 0.12 | — | 0.01 | KEV | May 13, 2025 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-30400 | 0.12 | — | 0.02 | KEV | May 13, 2025 | Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-24993 | 0.12 | — | 0.02 | KEV | Mar 11, 2025 | Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-24991 | 0.12 | — | 0.02 | KEV | Mar 11, 2025 | Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. |
- risk 0.17cvss —epss 0.22
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
- risk 0.16cvss —epss 0.59
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
- risk 0.15cvss —epss 0.06
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.14cvss —epss 0.15
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.14cvss —epss 0.04
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
- risk 0.13cvss —epss 0.05
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
- risk 0.13cvss —epss 0.01
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- risk 0.13cvss —epss 0.01
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
- risk 0.12cvss —epss 0.26
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.12cvss —epss 0.02
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.05
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
- risk 0.12cvss —epss 0.02
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.03
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.06
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax…
- risk 0.12cvss —epss 0.02
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.02
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.01
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.02
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.02
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
- risk 0.12cvss —epss 0.02
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
Page 16 of 65