VYPR

Windows 11 25h2

by Microsoft

CVEs (597)

  • CVE-2025-59512Nov 11, 2025
    risk 0.00cvss epss 0.03

    Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59511Nov 11, 2025
    risk 0.00cvss epss 0.00

    External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59510Nov 11, 2025
    risk 0.00cvss epss 0.00

    Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.

  • CVE-2025-59509Nov 11, 2025
    risk 0.00cvss epss 0.01

    Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.

  • CVE-2025-59508Nov 11, 2025
    risk 0.00cvss epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59507Nov 11, 2025
    risk 0.00cvss epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59506Nov 11, 2025
    risk 0.00cvss epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59505Nov 11, 2025
    risk 0.00cvss epss 0.00

    Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59261Oct 14, 2025
    risk 0.00cvss epss 0.00

    Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59253Oct 14, 2025
    risk 0.00cvss epss 0.00

    Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.

  • CVE-2025-59244Oct 14, 2025
    risk 0.00cvss epss 0.01

    External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-59241Oct 14, 2025
    risk 0.00cvss epss 0.00

    Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59214Oct 14, 2025
    risk 0.00cvss epss 0.02

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-59210Oct 14, 2025
    risk 0.00cvss epss 0.00

    Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

  • CVE-2025-59209Oct 14, 2025
    risk 0.00cvss epss 0.00

    Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.

  • CVE-2025-59208Oct 14, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-59205Oct 14, 2025
    risk 0.00cvss epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

  • CVE-2025-59203Oct 14, 2025
    risk 0.00cvss epss 0.00

    Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.

  • CVE-2025-59198Oct 14, 2025
    risk 0.00cvss epss 0.00

    Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally.

  • CVE-2025-59197Oct 14, 2025
    risk 0.00cvss epss 0.00

    Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.

Page 25 of 30