Windows Server 2022 Security Vulnerabilities and Issues — Windows Server 2022 CVE List

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS7.3AI score0.51253EPSS

CVE•added 2025/05/13 5:15 p.m.•365 views

CVE-2025-29974

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.

5.7CVSS5.6AI score0.00087EPSS

CVE•added 2025/05/13 5:16 p.m.•359 views

CVE-2025-30394

Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.

5.9CVSS5.7AI score0.00099EPSS

CVE•added 2025/02/11 6:15 p.m.•351 views

CVE-2025-21337

Windows NTFS Elevation of Privilege Vulnerability

3.3CVSS6AI score0.00083EPSS

CVE•added 2025/02/11 6:15 p.m.•341 views

CVE-2025-21420

Windows Disk Cleanup Tool Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.31526EPSS

CVE•added 2025/01/14 6:15 p.m.•319 views

CVE-2025-21189

MapUrlToZone Security Feature Bypass Vulnerability

4.3CVSS4.6AI score0.00174EPSS

CVE•added 2025/03/11 5:16 p.m.•314 views

CVE-2025-26633

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

7CVSS6.8AI score0.03755EPSS

In wild

CVE•added 2025/06/10 5:22 p.m.•314 views

CVE-2025-33053

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

8.8CVSS8.8AI score0.2155EPSS

In wild

CVE•added 2025/02/11 6:15 p.m.•307 views

CVE-2025-21418

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8CVSS8.2AI score0.11464EPSS

In wild

CVE•added 2025/06/10 5:22 p.m.•303 views

CVE-2025-33065

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00056EPSS

CVE•added 2025/06/10 5:22 p.m.•299 views

CVE-2025-33052

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

5.5CVSS5.3AI score0.00144EPSS

CVE•added 2025/03/11 5:16 p.m.•278 views

CVE-2025-24054

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS6.5AI score0.31507EPSS

In wildWeb

CVE•added 2025/03/11 5:16 p.m.•255 views

CVE-2025-24985

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.01044EPSS

In wild

CVE•added 2025/06/10 5:23 p.m.•247 views

CVE-2025-33073

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

8.8CVSS8.7AI score0.0096EPSS

Web

CVE•added 2025/03/11 5:16 p.m.•245 views

CVE-2025-24993

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

7.8CVSS8AI score0.02222EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•240 views

CVE-2025-24984

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

4.6CVSS6.1AI score0.17667EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•240 views

CVE-2025-24991

Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

5.5CVSS6.5AI score0.02442EPSS

In wild

CVE•added 2025/02/11 6:15 p.m.•235 views

CVE-2025-21181

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS7.8AI score0.07722EPSS

CVE•added 2025/01/14 6:16 p.m.•225 views

CVE-2025-21413

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.027EPSS

CVE•added 2025/01/14 6:15 p.m.•223 views

CVE-2025-21230

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS7.4AI score0.01652EPSS

CVE•added 2025/01/14 6:15 p.m.•214 views

CVE-2025-21293

Active Directory Domain Services Elevation of Privilege Vulnerability

8.8CVSS8.8AI score0.75604EPSS

CVE•added 2025/05/13 5:16 p.m.•203 views

CVE-2025-30397

Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

7.5CVSS7.5AI score0.20545EPSS

In wild

CVE•added 2025/05/13 5:16 p.m.•196 views

CVE-2025-30400

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

7.8CVSS7.5AI score0.0373EPSS

In wild

CVE•added 2025/05/13 5:16 p.m.•185 views

CVE-2025-32709

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

7.8CVSS8AI score0.03765EPSS

In wild

CVE•added 2025/05/13 5:16 p.m.•179 views

CVE-2025-32706

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

7.8CVSS7.6AI score0.12159EPSS

In wild

CVE•added 2025/01/14 6:15 p.m.•175 views

CVE-2025-21302

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.0052EPSS

CVE•added 2025/01/14 6:15 p.m.•174 views

CVE-2025-21263

Windows Digital Media Elevation of Privilege Vulnerability

6.6CVSS6.5AI score0.00149EPSS

CVE•added 2025/05/13 5:16 p.m.•174 views

CVE-2025-32701

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

7.8CVSS7.5AI score0.04229EPSS

In wild

CVE•added 2025/02/11 6:15 p.m.•163 views

CVE-2025-21351

Windows Active Directory Domain Services API Denial of Service Vulnerability

7.5CVSS7.9AI score0.06049EPSS

CVE•added 2025/01/14 6:15 p.m.•161 views

CVE-2025-21341

Windows Digital Media Elevation of Privilege Vulnerability

6.6CVSS6.5AI score0.00149EPSS

CVE•added 2025/01/14 6:15 p.m.•155 views

CVE-2025-21327

Windows Digital Media Elevation of Privilege Vulnerability

6.6CVSS6.5AI score0.00149EPSS

CVE•added 2025/01/14 6:15 p.m.•140 views

CVE-2025-21245

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.0052EPSS

CVE•added 2025/04/08 6:15 p.m.•133 views

CVE-2025-21204

Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.

7.8CVSS7.1AI score0.00865EPSS

CVE•added 2025/01/14 6:16 p.m.•132 views

CVE-2025-21417

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.027EPSS

CVE•added 2025/01/14 6:15 p.m.•131 views

CVE-2025-21310

Windows Digital Media Elevation of Privilege Vulnerability

6.6CVSS6.5AI score0.00151EPSS

CVE•added 2025/01/14 6:15 p.m.•130 views

CVE-2025-21260

Windows Digital Media Elevation of Privilege Vulnerability

6.6CVSS6.5AI score0.00151EPSS

CVE•added 2025/04/08 6:15 p.m.•130 views

CVE-2025-27480

Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

8.1CVSS8AI score0.00232EPSS

CVE•added 2025/01/14 6:15 p.m.•129 views

CVE-2025-21211

Secure Boot Security Feature Bypass Vulnerability

6.8CVSS6.6AI score0.00178EPSS

CVE•added 2025/01/14 6:15 p.m.•129 views

CVE-2025-21273

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.00706EPSS

CVE•added 2025/01/14 6:15 p.m.•123 views

CVE-2025-21329

MapUrlToZone Security Feature Bypass Vulnerability

4.3CVSS4.6AI score0.00111EPSS

CVE•added 2025/01/14 6:15 p.m.•122 views

CVE-2025-21213

Secure Boot Security Feature Bypass Vulnerability

4.6CVSS4.7AI score0.00143EPSS

CVE•added 2025/02/11 6:15 p.m.•122 views

CVE-2025-21377

NTLM Hash Disclosure Spoofing Vulnerability

6.5CVSS7.4AI score0.05088EPSS

CVE•added 2025/01/14 6:16 p.m.•119 views

CVE-2025-21382

Windows Graphics Component Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.00208EPSS

CVE•added 2025/04/08 6:16 p.m.•117 views

CVE-2025-27736

Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.

5.5CVSS6.6AI score0.00089EPSS

CVE•added 2025/01/14 6:15 p.m.•116 views

CVE-2025-21275

Windows App Package Installer Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.00234EPSS

CVE•added 2025/01/14 6:15 p.m.•115 views

CVE-2025-21274

Windows Event Tracing Denial of Service Vulnerability

5.5CVSS5.5AI score0.00098EPSS

CVE•added 2025/01/14 6:15 p.m.•114 views

CVE-2025-21286

Windows Telephony Service Remote Code Execution Vulnerability