Microsoft Windows 11 22H2 vulnerabilities

1,431 known vulnerabilities affecting microsoft/windows_11_22h2.

Total CVEs
1,431
CISA KEV
67
actively exploited
Public exploits
28
Exploited in wild
44
Severity breakdown
CRITICAL39HIGH1000MEDIUM387LOW5

Vulnerabilities

Page 23 of 72
CVE-2025-24992MEDIUMCVSS 5.5fixed in 10.0.22621.50392025-03-11
CVE-2025-24992 [MEDIUM] CWE-126 CVE-2025-24992: Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally. Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
nvd
CVE-2025-24997MEDIUMCVSS 4.4fixed in 10.0.22621.50392025-03-11
CVE-2025-24997 [MEDIUM] CWE-476 CVE-2025-24997: Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service loca Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.
nvd
CVE-2025-24987MEDIUMCVSS 6.8fixed in 10.0.22621.50392025-03-11
CVE-2025-24987 [MEDIUM] CWE-125 CVE-2025-24987: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges w Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
nvd
CVE-2025-21247MEDIUMCVSS 4.3fixed in 10.0.22621.50392025-03-11
CVE-2025-21247 [MEDIUM] CWE-41 CVE-2025-21247: Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to b Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
nvd
CVE-2025-24984MEDIUMCVSS 4.6KEVfixed in 10.0.22621.50392025-03-11
CVE-2025-24984 [MEDIUM] CWE-532 CVE-2025-24984: Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
nvd
CVE-2025-24988MEDIUMCVSS 6.8fixed in 10.0.22621.50392025-03-11
CVE-2025-24988 [MEDIUM] CWE-125 CVE-2025-24988: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges w Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
nvd
CVE-2025-24996MEDIUMCVSS 6.5fixed in 10.0.22621.50392025-03-11
CVE-2025-24996 [MEDIUM] CWE-73 CVE-2025-24996: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spo External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2025-21407HIGHCVSS 8.8fixed in 10.0.22621.48902025-02-11
CVE-2025-21407 [HIGH] CWE-122 CVE-2025-21407: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21359HIGHCVSS 7.8fixed in 10.0.22621.48902025-02-11
CVE-2025-21359 [HIGH] CWE-284 CVE-2025-21359: Windows Kernel Security Feature Bypass Vulnerability Windows Kernel Security Feature Bypass Vulnerability
nvd
CVE-2025-21414HIGHCVSS 7.0fixed in 10.0.22621.48902025-02-11
CVE-2025-21414 [HIGH] CWE-122 CVE-2025-21414: Windows Core Messaging Elevation of Privileges Vulnerability Windows Core Messaging Elevation of Privileges Vulnerability
nvd
CVE-2025-21367HIGHCVSS 7.8fixed in 10.0.22621.48902025-02-11
CVE-2025-21367 [HIGH] CWE-416 CVE-2025-21367: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
nvd
CVE-2025-21369HIGHCVSS 8.8fixed in 10.0.22621.48902025-02-11
CVE-2025-21369 [HIGH] CWE-122 CVE-2025-21369: Microsoft Digest Authentication Remote Code Execution Vulnerability Microsoft Digest Authentication Remote Code Execution Vulnerability
nvd
CVE-2025-21406HIGHCVSS 8.8fixed in 10.0.22621.48902025-02-11
CVE-2025-21406 [HIGH] CWE-416 CVE-2025-21406: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21373HIGHCVSS 7.8fixed in 10.0.22621.48902025-02-11
CVE-2025-21373 [HIGH] CWE-59 CVE-2025-21373: Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability
nvd
CVE-2025-21376HIGHCVSS 8.1fixed in 10.0.22621.48902025-02-11
CVE-2025-21376 [HIGH] CWE-122 CVE-2025-21376: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
nvd
CVE-2025-21368HIGHCVSS 8.8fixed in 10.0.22621.48902025-02-11
CVE-2025-21368 [HIGH] CWE-122 CVE-2025-21368: Microsoft Digest Authentication Remote Code Execution Vulnerability Microsoft Digest Authentication Remote Code Execution Vulnerability
nvd
CVE-2025-21190HIGHCVSS 8.8fixed in 10.0.22621.48902025-02-11
CVE-2025-21190 [HIGH] CWE-122 CVE-2025-21190: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21358HIGHCVSS 7.8fixed in 10.0.22621.48902025-02-11
CVE-2025-21358 [HIGH] CWE-822 CVE-2025-21358: Windows Core Messaging Elevation of Privileges Vulnerability Windows Core Messaging Elevation of Privileges Vulnerability
nvd
CVE-2025-21375HIGHCVSS 7.8fixed in 10.0.22621.48902025-02-11
CVE-2025-21375 [HIGH] CWE-20 CVE-2025-21375: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
nvd
CVE-2025-21419HIGHCVSS 7.1fixed in 10.0.22621.48902025-02-11
CVE-2025-21419 [HIGH] CWE-59 CVE-2025-21419: Windows Setup Files Cleanup Elevation of Privilege Vulnerability Windows Setup Files Cleanup Elevation of Privilege Vulnerability
nvd
← Previous23 / 72Next →
Microsoft Windows 11 22H2 vulnerabilities | cvebase