Windows Server 2025@* Security Vulnerabilities and Issues — Windows Server 2025@* CVE List

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS7.3AI score0.51253EPSS

CVE•added 2025/05/13 5:16 p.m.•357 views

CVE-2025-30394

Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.

5.9CVSS5.7AI score0.00099EPSS

CVE•added 2025/02/11 6:15 p.m.•350 views

CVE-2025-21337

Windows NTFS Elevation of Privilege Vulnerability

3.3CVSS6AI score0.00083EPSS

CVE•added 2024/11/12 6:15 p.m.•346 views

CVE-2024-43451

NTLM Hash Disclosure Spoofing Vulnerability

6.5CVSS6.5AI score0.89638EPSS

In wild

CVE•added 2024/10/08 6:15 p.m.•341 views

CVE-2024-43583

Winlogon Elevation of Privilege Vulnerability

7.8CVSS8.4AI score0.08214EPSS

CVE•added 2025/02/11 6:15 p.m.•338 views

CVE-2025-21420

Windows Disk Cleanup Tool Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.31526EPSS

CVE•added 2024/12/12 2:4 a.m.•322 views

CVE-2024-49112

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

9.8CVSS9.7AI score0.8668EPSS

CVE•added 2025/01/14 6:15 p.m.•318 views

CVE-2025-21189

MapUrlToZone Security Feature Bypass Vulnerability

4.3CVSS4.6AI score0.00174EPSS

CVE•added 2025/03/11 5:16 p.m.•310 views

CVE-2025-26633

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

7CVSS6.8AI score0.11557EPSS

In wild

CVE•added 2025/02/11 6:15 p.m.•306 views

CVE-2025-21418

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8CVSS8.2AI score0.11464EPSS

In wild

CVE•added 2025/06/10 5:22 p.m.•302 views

CVE-2025-33053

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

8.8CVSS8.8AI score0.18427EPSS

In wild

CVE•added 2025/06/10 5:22 p.m.•301 views

CVE-2025-33065

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00056EPSS

CVE•added 2025/06/10 5:22 p.m.•298 views

CVE-2025-33052

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

5.5CVSS5.3AI score0.00144EPSS

CVE•added 2025/01/14 6:15 p.m.•294 views

CVE-2025-21335

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.05766EPSS

In wild

CVE•added 2025/01/14 6:15 p.m.•292 views

CVE-2025-21334

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.04579EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•267 views

CVE-2025-24054

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS6.5AI score0.31507EPSS

In wildWeb

CVE•added 2025/03/11 5:16 p.m.•254 views

CVE-2025-24985

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.01473EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•244 views

CVE-2025-24993

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.03137EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•239 views

CVE-2025-24984

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

4.6CVSS6.1AI score0.22265EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•239 views

CVE-2025-24991

Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

5.5CVSS6.5AI score0.03281EPSS

In wild

CVE•added 2025/06/10 5:23 p.m.•237 views

CVE-2025-33073

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

8.8CVSS8.7AI score0.0096EPSS

Web

CVE•added 2024/12/12 2:4 a.m.•235 views

CVE-2024-49113

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

7.5CVSS7.5AI score0.87357EPSS

Web

CVE•added 2025/02/11 6:15 p.m.•234 views

CVE-2025-21181

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS7.8AI score0.07722EPSS

CVE•added 2025/01/14 6:16 p.m.•224 views

CVE-2025-21413

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.027EPSS

CVE•added 2025/01/14 6:15 p.m.•222 views

CVE-2025-21230

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS7.4AI score0.01652EPSS

CVE•added 2025/01/14 6:15 p.m.•213 views

CVE-2025-21293

Active Directory Domain Services Elevation of Privilege Vulnerability

8.8CVSS8.8AI score0.75604EPSS

CVE•added 2024/11/12 6:15 p.m.•198 views

CVE-2024-43639

Windows KDC Proxy Remote Code Execution Vulnerability

9.8CVSS9.6AI score0.08975EPSS

CVE•added 2025/05/13 5:16 p.m.•195 views

CVE-2025-30397

Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

7.5CVSS7.5AI score0.20545EPSS

In wild

CVE•added 2025/05/13 5:16 p.m.•190 views

CVE-2025-30400

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

7.8CVSS7.5AI score0.0373EPSS

In wild

CVE•added 2025/02/11 6:15 p.m.•188 views

CVE-2025-21179

DHCP Client Service Denial of Service Vulnerability

4.8CVSS5.9AI score0.00128EPSS

CVE•added 2024/12/12 2:4 a.m.•186 views