VYPR

Windows Server 2025

by Microsoft

CVEs (1,296)

  • CVE-2025-59275Oct 14, 2025
    risk 0.00cvss epss 0.00

    Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59261Oct 14, 2025
    risk 0.00cvss epss 0.00

    Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59260Oct 14, 2025
    risk 0.00cvss epss 0.00

    Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.

  • CVE-2025-59253Oct 14, 2025
    risk 0.00cvss epss 0.00

    Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.

  • CVE-2025-59244Oct 14, 2025
    risk 0.00cvss epss 0.01

    External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-59214Oct 14, 2025
    risk 0.00cvss epss 0.02

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-59210Oct 14, 2025
    risk 0.00cvss epss 0.00

    Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

  • CVE-2025-59209Oct 14, 2025
    risk 0.00cvss epss 0.00

    Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.

  • CVE-2025-59208Oct 14, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-59205Oct 14, 2025
    risk 0.00cvss epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59203Oct 14, 2025
    risk 0.00cvss epss 0.00

    Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.

  • CVE-2025-59198Oct 14, 2025
    risk 0.00cvss epss 0.00

    Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally.

  • CVE-2025-59197Oct 14, 2025
    risk 0.00cvss epss 0.00

    Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.

  • CVE-2025-59194Oct 14, 2025
    risk 0.00cvss epss 0.02

    Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59193Oct 14, 2025
    risk 0.00cvss epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59192Oct 14, 2025
    risk 0.00cvss epss 0.00

    Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59191Oct 14, 2025
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59190Oct 14, 2025
    risk 0.00cvss epss 0.00

    Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally.

  • CVE-2025-59189Oct 14, 2025
    risk 0.00cvss epss 0.00

    Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

  • CVE-2025-59188Oct 14, 2025
    risk 0.00cvss epss 0.00

    Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally.

Page 30 of 65