Microsoft Windows 11 Version 25H2 vulnerabilities

CVE-2026-45605 [HIGH] CWE-416 CVE-2026-45605: Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges loca Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

CVE-2026-42910 [HIGH] CWE-787 CVE-2026-42910: Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.

CVE-2026-27923 [HIGH] CWE-416 CVE-2026-27923: Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-44809 [HIGH] CWE-416 CVE-2026-44809: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate pri Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-32160 [HIGH] CWE-362 CVE-2026-32160: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-32158 [HIGH] CWE-362 CVE-2026-32158: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-32159 [HIGH] CWE-362 CVE-2026-32159: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-32153 [HIGH] CWE-362 CVE-2026-32153: Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges local Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

CVE-2026-20930 [HIGH] CWE-362 CVE-2026-20930: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVE-2026-26168 [HIGH] CWE-362 CVE-2026-26168: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-26167 [HIGH] CWE-362 CVE-2026-26167: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

CVE-2026-25167 [HIGH] CWE-416 CVE-2026-25167: Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privile Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

CVE-2026-20844 [HIGH] CWE-362 CVE-2026-20844: Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges loc Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.

CVE-2026-32156 [HIGH] CWE-416 CVE-2026-32156: Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.

CVE-2026-35422 [MEDIUM] CWE-288 CVE-2026-35422: Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized atta Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

CVE-2025-60709 [HIGH] CWE-125 CVE-2025-60709: Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-47656 [HIGH] CWE-693 CVE-2026-47656: Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a secur Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.

CVE-2026-20832 [HIGH] CWE-415 CVE-2026-20832: Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerabili Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability

CVE-2026-20857 [HIGH] CWE-822 CVE-2026-20857: Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacke Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-60718 [HIGH] CWE-426 CVE-2025-60718: Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate p Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.