VYPR

Windows Server 2025

by Microsoft

CVEs (1,296)

  • CVE-2025-30397KEVMay 13, 2025
    risk 0.17cvss epss 0.22

    Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

  • CVE-2025-24054KEVMar 11, 2025
    risk 0.16cvss epss 0.59

    External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-62215KEVNov 11, 2025
    risk 0.15cvss epss 0.06

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-21513KEVFeb 10, 2026
    risk 0.14cvss epss 0.15

    Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-21533KEVFeb 10, 2026
    risk 0.14cvss epss 0.04

    Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

  • CVE-2026-21525KEVFeb 10, 2026
    risk 0.13cvss epss 0.05

    Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

  • CVE-2025-21418KEVFeb 11, 2025
    risk 0.13cvss epss 0.01

    Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

  • CVE-2025-21335KEVJan 14, 2025
    risk 0.13cvss epss 0.01

    Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

  • CVE-2026-21510KEVFeb 10, 2026
    risk 0.12cvss epss 0.26

    Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-21519KEVFeb 10, 2026
    risk 0.12cvss epss 0.02

    Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2026-20805KEVJan 13, 2026
    risk 0.12cvss epss 0.05

    Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

  • CVE-2025-62221KEVDec 9, 2025
    risk 0.12cvss epss 0.02

    Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59230KEVOct 14, 2025
    risk 0.12cvss epss 0.03

    Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2025-24990KEVOct 14, 2025
    risk 0.12cvss epss 0.06

    Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax…

  • CVE-2025-32709KEVMay 13, 2025
    risk 0.12cvss epss 0.02

    Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2025-32706KEVMay 13, 2025
    risk 0.12cvss epss 0.02

    Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2025-32701KEVMay 13, 2025
    risk 0.12cvss epss 0.01

    Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2025-30400KEVMay 13, 2025
    risk 0.12cvss epss 0.02

    Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

  • CVE-2025-24993KEVMar 11, 2025
    risk 0.12cvss epss 0.02

    Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

  • CVE-2025-24991KEVMar 11, 2025
    risk 0.12cvss epss 0.02

    Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

Page 16 of 65