Microsoft Windows 11 Version 25H2 vulnerabilities

CVE-2026-20935 [MEDIUM] CWE-822 CVE-2026-20935: Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unaut Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.

CVE-2026-42915 [MEDIUM] CWE-131 CVE-2026-42915: Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny servi Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service over an adjacent network.

CVE-2026-20839 [MEDIUM] CWE-284 CVE-2026-20839: Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker t Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.

CVE-2025-62570 [MEDIUM] CWE-284 CVE-2025-62570: Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disc Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.

CVE-2026-40401 [HIGH] CWE-476 CVE-2026-40401: Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally. Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

CVE-2025-59284 [MEDIUM] CWE-200 CVE-2025-59284: Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized at Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

CVE-2026-25180 [MEDIUM] CWE-125 CVE-2026-25180: Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose infor Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.

CVE-2025-55338 [MEDIUM] CWE-1310 CVE-2025-55338: Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a s Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2026-20827 [MEDIUM] CWE-200 CVE-2026-20827: Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.

CVE-2026-25186 [MEDIUM] CWE-200 CVE-2026-25186: Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure ( Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally.

CVE-2025-55336 [MEDIUM] CWE-200 CVE-2025-55336: Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.

CVE-2026-20819 [MEDIUM] CWE-822 CVE-2026-20819: Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an autho Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.

CVE-2025-55325 [MEDIUM] CWE-126 CVE-2025-55325: Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose in Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2026-42971 [MEDIUM] CWE-200 CVE-2026-42971: Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclos Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2026-42969 [MEDIUM] CWE-908 CVE-2026-42969: Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclos Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2026-20806 [MEDIUM] CWE-843 CVE-2026-20806: Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized at Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.

CVE-2026-42973 [MEDIUM] CWE-200 CVE-2026-42973: Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclos Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2026-42970 [MEDIUM] CWE-200 CVE-2026-42970: Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclos Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

CVE-2025-55334 [MEDIUM] CWE-312 CVE-2025-55334: Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypa Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-45655 [MEDIUM] CWE-693 CVE-2026-45655: Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a securi Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.