Microsoft Windows 11 Version 25H2 vulnerabilities

CVE-2026-48573 [HIGH] CWE-1329 CVE-2026-48573: Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a securi Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-48576 [HIGH] CWE-1329 CVE-2026-48576: Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a securi Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-20846 [HIGH] CWE-126 CVE-2026-20846: Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.

CVE-2026-20938 [HIGH] CWE-822 CVE-2026-20938: Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an autho Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

CVE-2025-60707 [HIGH] CWE-416 CVE-2025-60707: Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevat Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.

CVE-2025-60703 [HIGH] CWE-822 CVE-2025-60703: Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate pri Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

CVE-2026-20923 [HIGH] CWE-416 CVE-2026-20923: Use after free in Windows Management Services allows an authorized attacker to elevate privileges lo Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2025-50152 [HIGH] CWE-125 CVE-2025-50152: Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally. Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2025-58728 [HIGH] CWE-416 CVE-2025-58728: Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges loca Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

CVE-2025-50175 [HIGH] CWE-416 CVE-2025-50175: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

CVE-2025-59505 [HIGH] CWE-415 CVE-2025-59505: Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.

CVE-2025-60720 [HIGH] CWE-126 CVE-2025-60720: Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

CVE-2026-20865 [HIGH] CWE-416 CVE-2026-20865: Use after free in Windows Management Services allows an authorized attacker to elevate privileges lo Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-25176 [HIGH] CWE-284 CVE-2026-25176: Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attack Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-20809 [HIGH] CWE-122 CVE-2026-20809: Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized atta Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.

CVE-2025-59514 [HIGH] CWE-269 CVE-2025-59514: Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevat Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.

CVE-2026-24287 [HIGH] CWE-73 CVE-2026-24287: External control of file name or path in Windows Kernel allows an authorized attacker to elevate pri External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2025-64673 [HIGH] CWE-284 CVE-2025-64673: Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges lo Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-35415 [HIGH] CWE-190 CVE-2026-35415: Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

CVE-2026-32077 [HIGH] CWE-822 CVE-2026-32077: Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an author Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.