Microsoft Windows Server 2008 Service Pack 2 vulnerabilities
1,672 known vulnerabilities affecting microsoft/windows_server_2008_service_pack_2.
Total CVEs
1,672
CISA KEV
66
actively exploited
Public exploits
37
Exploited in wild
58
Severity breakdown
CRITICAL68HIGH1214MEDIUM387LOW3
Vulnerabilities
Page 12 of 84
CVE-2025-29958MEDIUMCVSS 6.5≥ 6.0.6003.0, < 6.0.6003.232792025-05-13
CVE-2025-29958 [MEDIUM] CWE-908 CVE-2025-29958: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthor
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-29974MEDIUMCVSS 5.7≥ 6.0.6003.0, < 6.0.6003.232792025-05-13
CVE-2025-29974 [MEDIUM] CWE-125 CVE-2025-29974: Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose
Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.
cvelistv5nvd
CVE-2025-29959MEDIUMCVSS 6.5≥ 6.0.6003.0, < 6.0.6003.232792025-05-13
CVE-2025-29959 [MEDIUM] CWE-908 CVE-2025-29959: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthor
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-29836MEDIUMCVSS 6.5≥ 6.0.6003.0, < 6.0.6003.232792025-05-13
CVE-2025-29836 [MEDIUM] CWE-125 CVE-2025-29836: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-29832MEDIUMCVSS 6.5≥ 6.0.6003.0, < 6.0.6003.232792025-05-13
CVE-2025-29832 [MEDIUM] CWE-125 CVE-2025-29832: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-29954MEDIUMCVSS 5.9≥ 6.0.6003.0, < 6.0.6003.232792025-05-13
CVE-2025-29954 [MEDIUM] CWE-400 CVE-2025-29954: Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
cvelistv5nvd
CVE-2025-29961MEDIUMCVSS 6.5≥ 6.0.6003.0, < 6.0.6003.232792025-05-13
CVE-2025-29961 [MEDIUM] CWE-125 CVE-2025-29961: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-29837MEDIUMCVSS 5.5≥ 6.0.6003.0, < 6.0.6003.232792025-05-13
CVE-2025-29837 [MEDIUM] CWE-59 CVE-2025-29837: Improper link resolution before file access ('link following') in Windows Installer allows an author
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.
cvelistv5nvd
CVE-2025-29956MEDIUMCVSS 5.4≥ 6.0.6003.0, < 6.0.6003.232792025-05-13
CVE-2025-29956 [MEDIUM] CWE-126 CVE-2025-29956: Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network
Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-27737HIGHCVSS 8.6≥ 6.0.6003.0, < 6.0.6003.232202025-04-08
CVE-2025-27737 [HIGH] CWE-20 CVE-2025-27737: Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass
Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.
cvelistv5nvd
CVE-2025-26665HIGHCVSS 7.0≥ 6.0.6003.0, < 6.0.6003.232202025-04-08
CVE-2025-26665 [HIGH] CWE-591 CVE-2025-26665: Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized atta
Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-27741HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.232202025-04-08
CVE-2025-27741 [HIGH] CWE-125 CVE-2025-27741: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-27727HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.232202025-04-08
CVE-2025-27727 [HIGH] CWE-59 CVE-2025-27727: Improper link resolution before file access ('link following') in Windows Installer allows an author
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-27469HIGHCVSS 7.5≥ 6.0.6003.0, < 6.0.6003.232202025-04-08
CVE-2025-27469 [HIGH] CWE-400 CVE-2025-27469: Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
cvelistv5nvd
CVE-2025-21191HIGHCVSS 7.0≥ 6.0.6003.0, < 6.0.6003.232202025-04-08
CVE-2025-21191 [HIGH] CWE-367 CVE-2025-21191: Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows a
Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-27484HIGHCVSS 7.5≥ 6.0.6003.0, < 6.0.6003.232202025-04-08
CVE-2025-27484 [HIGH] CWE-591 CVE-2025-27484: Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network.
cvelistv5nvd
CVE-2025-26663HIGHCVSS 8.1≥ 6.0.6003.0, < 6.0.6003.232202025-04-08
CVE-2025-26663 [HIGH] CWE-416 CVE-2025-26663: Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attack
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-27478HIGHCVSS 7.0≥ 6.0.6003.0, < 6.0.6003.232202025-04-08
CVE-2025-27478 [HIGH] CWE-122 CVE-2025-27478: Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker t
Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-21222HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.232202025-04-08
CVE-2025-21222 [HIGH] CWE-122 CVE-2025-21222: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute c
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-21221HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.232202025-04-08
CVE-2025-21221 [HIGH] CWE-122 CVE-2025-21221: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute c
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
cvelistv5nvd