Microsoft Windows Server 2008 Service Pack 2 vulnerabilities

1,672 known vulnerabilities affecting microsoft/windows_server_2008_service_pack_2.

Total CVEs

1,672

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL68HIGH1214MEDIUM387LOW3

Vulnerabilities

Page 9 of 84

CVE-2025-49753HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-49753 [HIGH] CWE-122 CVE-2025-49753: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

cvelistv5nvd

CVE-2025-48815HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-48815 [HIGH] CWE-843 CVE-2025-48815: Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an auth Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2025-49668HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-49668 [HIGH] CWE-122 CVE-2025-49668: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

cvelistv5nvd

CVE-2025-49679HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-49679 [HIGH] CWE-197 CVE-2025-49679: Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locall Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2025-49657HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-49657 [HIGH] CWE-122 CVE-2025-49657: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

cvelistv5nvd

CVE-2025-49661HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-49661 [HIGH] CWE-822 CVE-2025-49661: Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2025-47996HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-47996 [HIGH] CWE-125 CVE-2025-47996: Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2025-49674HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-49674 [HIGH] CWE-122 CVE-2025-49674: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

cvelistv5nvd

CVE-2025-47971HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-47971 [HIGH] CWE-126 CVE-2025-47971: Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges l Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2025-48816HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-48816 [HIGH] CWE-125 CVE-2025-48816: Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileg Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2025-49672HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-49672 [HIGH] CWE-122 CVE-2025-49672: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

cvelistv5nvd

CVE-2025-47987HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-47987 [HIGH] CWE-122 CVE-2025-47987: Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elev Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2025-47998HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-47998 [HIGH] CWE-122 CVE-2025-47998: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

cvelistv5nvd

CVE-2025-47985HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-47985 [HIGH] CWE-822 CVE-2025-47985: Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate priv Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2025-48821HIGHCVSS 7.1≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-48821 [HIGH] CWE-416 CVE-2025-48821: Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker t Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

cvelistv5nvd

CVE-2025-49659HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-49659 [HIGH] CWE-126 CVE-2025-49659: Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2025-48806HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-48806 [HIGH] CWE-416 CVE-2025-48806: Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code loc Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.

cvelistv5nvd

CVE-2025-48819HIGHCVSS 7.1≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-48819 [HIGH] CWE-591 CVE-2025-48819: Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

cvelistv5nvd

CVE-2025-48817HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-48817 [HIGH] CWE-23 CVE-2025-48817: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code ove Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

cvelistv5nvd

CVE-2025-49663HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.234182025-07-08

CVE-2025-49663 [HIGH] CWE-122 CVE-2025-49663: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

cvelistv5nvd

← Previous9 / 84Next →