Windows Server 2025
by Microsoft
CVEs (1,296)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49683 | 0.03 | — | 0.02 | Jul 8, 2025 | Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-33068 | 0.03 | — | 0.01 | Jun 10, 2025 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-26677 | 0.03 | — | 0.01 | May 13, 2025 | Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-24076 | 0.03 | — | 0.03 | Mar 11, 2025 | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-21420 | 0.03 | — | 0.03 | Feb 11, 2025 | Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | |||
| CVE-2025-21285 | 0.03 | — | 0.55 | Jan 14, 2025 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | |||
| CVE-2024-43642 | 0.03 | — | 0.62 | Nov 12, 2024 | Windows SMB Denial of Service Vulnerability | |||
| CVE-2025-53145 | 0.02 | — | 0.06 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | |||
| CVE-2025-53144 | 0.02 | — | 0.06 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | |||
| CVE-2025-50165 | 0.02 | — | 0.04 | Aug 12, 2025 | Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-27486 | 0.02 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-27485 | 0.02 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-26652 | 0.02 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-27479 | 0.02 | — | 0.02 | Apr 8, 2025 | Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-27473 | 0.02 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-27470 | 0.02 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-26680 | 0.02 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-21277 | 0.02 | — | 0.38 | Jan 14, 2025 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | |||
| CVE-2025-53143 | 0.01 | — | 0.01 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | |||
| CVE-2025-47984 | 0.01 | — | 0.14 | Jul 8, 2025 | Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. |
- CVE-2025-49683Jul 8, 2025risk 0.03cvss —epss 0.02
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
- CVE-2025-33068Jun 10, 2025risk 0.03cvss —epss 0.01
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
- CVE-2025-26677May 13, 2025risk 0.03cvss —epss 0.01
Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
- CVE-2025-24076Mar 11, 2025risk 0.03cvss —epss 0.03
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-21420Feb 11, 2025risk 0.03cvss —epss 0.03
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
- CVE-2025-21285Jan 14, 2025risk 0.03cvss —epss 0.55
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
- CVE-2024-43642Nov 12, 2024risk 0.03cvss —epss 0.62
Windows SMB Denial of Service Vulnerability
- CVE-2025-53145Aug 12, 2025risk 0.02cvss —epss 0.06
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
- CVE-2025-53144Aug 12, 2025risk 0.02cvss —epss 0.06
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
- CVE-2025-50165Aug 12, 2025risk 0.02cvss —epss 0.04
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
- CVE-2025-27486Apr 8, 2025risk 0.02cvss —epss 0.02
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
- CVE-2025-27485Apr 8, 2025risk 0.02cvss —epss 0.02
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
- CVE-2025-26652Apr 8, 2025risk 0.02cvss —epss 0.02
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
- CVE-2025-27479Apr 8, 2025risk 0.02cvss —epss 0.02
Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network.
- CVE-2025-27473Apr 8, 2025risk 0.02cvss —epss 0.02
Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
- CVE-2025-27470Apr 8, 2025risk 0.02cvss —epss 0.02
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
- CVE-2025-26680Apr 8, 2025risk 0.02cvss —epss 0.02
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
- CVE-2025-21277Jan 14, 2025risk 0.02cvss —epss 0.38
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
- CVE-2025-53143Aug 12, 2025risk 0.01cvss —epss 0.01
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
- CVE-2025-47984Jul 8, 2025risk 0.01cvss —epss 0.14
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
Page 18 of 65