Microsoft Windows 11 Version 25H2 vulnerabilities

CVE-2026-32075 [HIGH] CWE-416 CVE-2026-32075: Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker t Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVE-2025-55678 [HIGH] CWE-416 CVE-2025-55678: Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

CVE-2026-34347 [HIGH] CWE-416 CVE-2026-34347: Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2025-59189 [HIGH] CWE-416 CVE-2025-59189: Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privile Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

CVE-2026-42984 [HIGH] CWE-416 CVE-2026-42984: Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-45653 [HIGH] CWE-122 CVE-2026-45653: Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2025-59259 [MEDIUM] CWE-1287 CVE-2025-59259: Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an auth Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

CVE-2025-59257 [MEDIUM] CWE-1287 CVE-2025-59257: Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an auth Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

CVE-2026-32151 [MEDIUM] CWE-200 CVE-2026-32151: Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized att Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.

CVE-2026-40413 [HIGH] CWE-476 CVE-2026-40413: Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an a Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

CVE-2026-41097 [MEDIUM] CWE-1329 CVE-2026-41097: Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-20863 [HIGH] CWE-415 CVE-2026-20863: Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-25179 [HIGH] CWE-1287 CVE-2026-25179: Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allo Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-32070 [HIGH] CWE-416 CVE-2026-32070: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate pri Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-50174 [HIGH] CWE-416 CVE-2025-50174: Use after free in Windows Device Association Broker service allows an authorized attacker to elevate Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.

CVE-2026-20815 [HIGH] CWE-362 CVE-2026-20815: Concurrent execution using shared resource with improper synchronization ('race condition') in Capab Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.

CVE-2026-20808 [HIGH] CWE-362 CVE-2026-20808: Concurrent execution using shared resource with improper synchronization ('race condition') in Print Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally.

CVE-2026-20814 [HIGH] CWE-362 CVE-2026-20814: Concurrent execution using shared resource with improper synchronization ('race condition') in Graph Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-20826 [HIGH] CWE-362 CVE-2026-20826: Concurrent execution using shared resource with improper synchronization ('race condition') in Table Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.

CVE-2026-34342 [HIGH] CWE-362 CVE-2026-34342: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.