Windows Server 2025@* Security Vulnerabilities and Issues — Windows Server 2025@* CVE List

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS7.3AI score0.6245EPSS

CVE•added 2025/05/13 5:15 p.m.•368 views

CVE-2025-29974

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.

5.7CVSS5.6AI score0.00158EPSS

CVE•added 2025/05/13 5:16 p.m.•362 views

CVE-2025-30394

Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.

5.9CVSS5.7AI score0.00159EPSS

CVE•added 2024/11/12 6:15 p.m.•353 views

CVE-2024-43451

NTLM Hash Disclosure Spoofing Vulnerability

6.5CVSS6.5AI score0.89087EPSS

In wild

CVE•added 2025/02/11 6:15 p.m.•352 views

CVE-2025-21337

Windows NTFS Elevation of Privilege Vulnerability

3.3CVSS6AI score0.00089EPSS

CVE•added 2025/02/11 6:15 p.m.•342 views

CVE-2025-21420

Windows Disk Cleanup Tool Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.28657EPSS

CVE•added 2025/06/10 5:22 p.m.•337 views

CVE-2025-33053

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

8.8CVSS8.8AI score0.1907EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•331 views

CVE-2025-26633

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

7CVSS6.8AI score0.06628EPSS

In wild

CVE•added 2024/12/12 2:4 a.m.•328 views

CVE-2024-49112

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

9.8CVSS9.7AI score0.87025EPSS

CVE•added 2025/01/14 6:15 p.m.•321 views

CVE-2025-21189

MapUrlToZone Security Feature Bypass Vulnerability

4.3CVSS4.6AI score0.00189EPSS

CVE•added 2025/02/11 6:15 p.m.•310 views

CVE-2025-21418

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8CVSS8.2AI score0.09977EPSS

In wild

CVE•added 2025/06/10 5:22 p.m.•304 views

CVE-2025-33065

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00056EPSS

CVE•added 2025/06/10 5:22 p.m.•300 views

CVE-2025-33052

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

5.5CVSS5.3AI score0.00144EPSS

CVE•added 2025/01/14 6:15 p.m.•299 views

CVE-2025-21335

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.05766EPSS

In wild

CVE•added 2025/01/14 6:15 p.m.•297 views

CVE-2025-21334

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.04579EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•294 views

CVE-2025-24054

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS6.5AI score0.31507EPSS

In wild

CVE•added 2025/06/10 5:23 p.m.•267 views

CVE-2025-33073

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

8.8CVSS8.7AI score0.03645EPSS

CVE•added 2025/03/11 5:16 p.m.•257 views

CVE-2025-24985

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00938EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•247 views

CVE-2025-24993

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.02222EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•241 views

CVE-2025-24984

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

4.6CVSS6.1AI score0.17667EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•241 views

CVE-2025-24991

Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

5.5CVSS6.5AI score0.02442EPSS

In wild

CVE•added 2024/12/12 2:4 a.m.•237 views

CVE-2024-49113

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

7.5CVSS7.5AI score0.86574EPSS

CVE•added 2025/02/11 6:15 p.m.•236 views

CVE-2025-21181

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS7.8AI score0.0823EPSS

CVE•added 2025/01/14 6:15 p.m.•227 views

CVE-2025-21293

Active Directory Domain Services Elevation of Privilege Vulnerability

8.8CVSS8.8AI score0.75604EPSS

CVE•added 2025/01/14 6:16 p.m.•227 views

CVE-2025-21413

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.03423EPSS

CVE•added 2025/01/14 6:15 p.m.•225 views

CVE-2025-21230

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS7.4AI score0.02103EPSS

CVE•added 2025/05/13 5:16 p.m.•207 views

CVE-2025-30397

Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

7.5CVSS7.5AI score0.23075EPSS

In wild

CVE•added 2025/05/13 5:16 p.m.•202 views

CVE-2025-30400

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

7.8CVSS7.5AI score0.04292EPSS

In wild

CVE•added 2024/11/12 6:15 p.m.•201 views

CVE-2024-43639

Windows KDC Proxy Remote Code Execution Vulnerability

9.8CVSS9.6AI score0.11086EPSS

CVE•added 2025/02/11 6:15 p.m.•190 views