Microsoft Windows Server 2012 vulnerabilities
3,709 known vulnerabilities affecting microsoft/windows_server_2012.
Total CVEs
3,709
CISA KEV
148
actively exploited
Public exploits
290
Exploited in wild
142
Severity breakdown
CRITICAL157HIGH2452MEDIUM1048LOW52
Vulnerabilities
Page 16 of 186
CVE-2025-50156MEDIUMCVSS 5.7vr2≥ 6.2.9200.0, < 6.2.9200.256222025-08-12
CVE-2025-50156 [MEDIUM] CWE-908 CVE-2025-50156: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authoriz
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-47981CRITICALCVSS 9.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-47981 [CRITICAL] CWE-122 CVE-2025-47981: Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49689HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49689 [HIGH] CWE-125 CVE-2025-49689: Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevat
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49730HIGHCVSS 7.8PoCvr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49730 [HIGH] CWE-122 CVE-2025-49730: Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an autho
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47976HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-47976 [HIGH] CWE-416 CVE-2025-47976: Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-48814HIGHCVSS 7.5vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-48814 [HIGH] CWE-306 CVE-2025-48814: Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an u
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.
cvelistv5nvd
CVE-2025-49660HIGHCVSS 7.8vr22025-07-08
CVE-2025-49660 [HIGH] CWE-416 CVE-2025-49660: Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-47973HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-47973 [HIGH] CWE-126 CVE-2025-47973: Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges l
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49673HIGHCVSS 8.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49673 [HIGH] CWE-122 CVE-2025-49673: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49683HIGHCVSS 7.8PoCvr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49683 [HIGH] CWE-122 CVE-2025-49683: Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execut
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
cvelistv5nvd
CVE-2025-49669HIGHCVSS 8.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49669 [HIGH] CWE-122 CVE-2025-49669: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49675HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49675 [HIGH] CWE-416 CVE-2025-49675: Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49688HIGHCVSS 8.8vr22025-07-08
CVE-2025-49688 [HIGH] CWE-415 CVE-2025-49688: Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to e
Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-49665HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49665 [HIGH] CWE-362 CVE-2025-49665: Concurrent execution using shared resource with improper synchronization ('race condition') in Works
Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49721HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49721 [HIGH] CWE-122 CVE-2025-49721: Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate pri
Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47984HIGHCVSS 7.5vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-47984 [HIGH] CWE-693 CVE-2025-47984: Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-49742HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49742 [HIGH] CWE-122 CVE-2025-49742: Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to exec
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.
cvelistv5nvd
CVE-2025-49686HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49686 [HIGH] CWE-476 CVE-2025-49686: Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges local
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-48805HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-48805 [HIGH] CWE-122 CVE-2025-48805: Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to exec
Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.
cvelistv5nvd
CVE-2025-48824HIGHCVSS 8.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-48824 [HIGH] CWE-122 CVE-2025-48824: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd