Windows Server 2025 Security Vulnerabilities and Issues — Page 3 of Windows Server 2025 CVE List

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

7.5CVSS7AI score0.14061EPSS

CVE•added 2025/01/14 6:15 p.m.•102 views

CVE-2025-21251

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS7.4AI score0.01098EPSS

CVE•added 2025/01/14 6:15 p.m.•102 views

CVE-2025-21297

Windows Remote Desktop Services Remote Code Execution Vulnerability

8.1CVSS8.3AI score0.01083EPSS

CVE•added 2024/11/12 6:15 p.m.•101 views

CVE-2024-43630

Windows Kernel Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.00766EPSS

CVE•added 2024/12/12 2:4 a.m.•101 views

CVE-2024-49089

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

7.2CVSS7.2AI score0.05709EPSS

CVE•added 2024/12/12 2:4 a.m.•101 views

CVE-2024-49096

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS7.4AI score0.07856EPSS

CVE•added 2025/04/08 6:15 p.m.•101 views

CVE-2025-26647

Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.

8.8CVSS7AI score0.00224EPSS

CVE•added 2025/04/08 6:15 p.m.•101 views

CVE-2025-26651

Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

6.5CVSS7.1AI score0.22436EPSS

CVE•added 2025/04/08 6:15 p.m.•101 views

CVE-2025-27485

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

7.5CVSS7AI score0.14061EPSS

CVE•added 2024/12/12 2:4 a.m.•100 views

CVE-2024-49118

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

8.1CVSS8.2AI score0.0028EPSS

CVE•added 2025/01/14 6:15 p.m.•100 views

CVE-2025-21307

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

9.8CVSS9.8AI score0.06471EPSS

CVE•added 2025/04/08 6:15 p.m.•100 views

CVE-2025-26671

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

8.1CVSS8AI score0.0036EPSS

CVE•added 2025/06/10 5:22 p.m.•100 views

CVE-2025-33059

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00056EPSS

CVE•added 2024/12/12 2:4 a.m.•99 views

CVE-2024-49072

Windows Task Scheduler Elevation of Privilege Vulnerability

7.8CVSS7.6AI score0.00178EPSS

CVE•added 2024/12/12 2:4 a.m.•99 views

CVE-2024-49124

Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

8.1CVSS8.2AI score0.0022EPSS

CVE•added 2025/01/14 6:15 p.m.•99 views

CVE-2025-21226

Windows Digital Media Elevation of Privilege Vulnerability

6.6CVSS6.5AI score0.00151EPSS

CVE•added 2025/01/14 6:15 p.m.•99 views

CVE-2025-21242

Windows Kerberos Information Disclosure Vulnerability

5.9CVSS5.5AI score0.00125EPSS

CVE•added 2025/04/08 6:15 p.m.•99 views

CVE-2025-26652

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

7.5CVSS7AI score0.17972EPSS

CVE•added 2025/04/08 6:16 p.m.•99 views

CVE-2025-27492

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

7CVSS7.2AI score0.00057EPSS

CVE•added 2024/12/12 2:4 a.m.•98 views

CVE-2024-49079

Input Method Editor (IME) Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00259EPSS

CVE•added 2025/04/08 6:15 p.m.•98 views

CVE-2025-21191

Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.

7CVSS7.1AI score0.00057EPSS

CVE•added 2025/01/14 6:15 p.m.•98 views

CVE-2025-21241

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.00706EPSS

CVE•added 2025/01/14 6:15 p.m.•98 views

CVE-2025-21295

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

8.1CVSS8.3AI score0.01083EPSS

CVE•added 2025/02/11 6:15 p.m.•98 views

CVE-2025-21349

Windows Remote Desktop Configuration Service Tampering Vulnerability

6.8CVSS7.5AI score0.00091EPSS

CVE•added 2025/04/08 6:16 p.m.•98 views

CVE-2025-27731

Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.

7.8CVSS7.1AI score0.00161EPSS

CVE•added 2024/11/12 6:15 p.m.•97 views

CVE-2024-43627

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.01558EPSS

CVE•added 2024/12/12 2:4 a.m.•97 views

CVE-2024-49117

Windows Hyper-V Remote Code Execution Vulnerability

8.8CVSS8.9AI score0.00305EPSS

CVE•added 2025/02/11 6:15 p.m.•97 views

CVE-2025-21419

Windows Setup Files Cleanup Elevation of Privilege Vulnerability

7.1CVSS7.6AI score0.00167EPSS

CVE•added 2025/03/11 5:16 p.m.•97 views

CVE-2025-24035

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

8.1CVSS8.2AI score0.00325EPSS

CVE•added 2025/04/08 6:15 p.m.•97 views

CVE-2025-26644

Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.

5.1CVSS7AI score0.00062EPSS

CVE•added 2024/11/12 6:15 p.m.•96 views

CVE-2024-43629

Windows DWM Core Library Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.00766EPSS

CVE•added 2024/11/12 6:15 p.m.•96 views

CVE-2024-43636

Win32k Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.00426EPSS

CVE•added 2025/02/11 6:15 p.m.•96 views

CVE-2025-21190

Windows Telephony Service Remote Code Execution Vulnerability