Microsoft Windows 11 23H2 vulnerabilities

CVE-2025-33063 [MEDIUM] CWE-125 CVE-2025-33063: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-33061 [MEDIUM] CWE-125 CVE-2025-33061: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-24069 [MEDIUM] CWE-125 CVE-2025-24069: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-32719 [MEDIUM] CWE-125 CVE-2025-32719: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-24068 [MEDIUM] CWE-126 CVE-2025-24068: Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose in Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-33055 [MEDIUM] CWE-125 CVE-2025-33055: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-33062 [MEDIUM] CWE-125 CVE-2025-33062: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-47160 [MEDIUM] CWE-693 CVE-2025-47160: Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security f Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

CVE-2025-32722 [MEDIUM] CWE-284 CVE-2025-32722: Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose inf Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.

CVE-2025-47969 [MEDIUM] CWE-200 CVE-2025-47969: Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized att Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.

CVE-2025-33058 [MEDIUM] CWE-125 CVE-2025-33058: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-33060 [MEDIUM] CWE-125 CVE-2025-33060: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-24065 [MEDIUM] CWE-125 CVE-2025-24065: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-33052 [MEDIUM] CWE-908 CVE-2025-33052: Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

CVE-2025-33057 [MEDIUM] CWE-476 CVE-2025-33057: Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

CVE-2025-33059 [MEDIUM] CWE-125 CVE-2025-33059: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-32715 [MEDIUM] CWE-125 CVE-2025-32715: Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

CVE-2025-33065 [MEDIUM] CWE-125 CVE-2025-33065: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-32720 [MEDIUM] CWE-125 CVE-2025-32720: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-47827 [MEDIUM] CWE-347 CVE-2025-47827: In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly ve In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.