Microsoft Windows Server 2012 vulnerabilities
3,709 known vulnerabilities affecting microsoft/windows_server_2012.
Total CVEs
3,709
CISA KEV
148
actively exploited
Public exploits
290
Exploited in wild
142
Severity breakdown
CRITICAL157HIGH2452MEDIUM1048LOW52
Vulnerabilities
Page 17 of 186
CVE-2025-49687HIGHCVSS 8.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49687 [HIGH] CWE-125 CVE-2025-49687: Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate p
Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49676HIGHCVSS 8.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49676 [HIGH] CWE-122 CVE-2025-49676: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49716HIGHCVSS 7.5vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49716 [HIGH] CWE-400 CVE-2025-49716: Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny servic
Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.
cvelistv5nvd
CVE-2025-47986HIGHCVSS 8.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-47986 [HIGH] CWE-416 CVE-2025-47986: Use after free in Universal Print Management Service allows an authorized attacker to elevate privil
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49678HIGHCVSS 7.0vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49678 [HIGH] CWE-362 CVE-2025-49678: Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally
Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49753HIGHCVSS 8.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49753 [HIGH] CWE-122 CVE-2025-49753: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-48815HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-48815 [HIGH] CWE-843 CVE-2025-48815: Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an auth
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49668HIGHCVSS 8.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49668 [HIGH] CWE-122 CVE-2025-49668: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49679HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49679 [HIGH] CWE-197 CVE-2025-49679: Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locall
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49657HIGHCVSS 8.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49657 [HIGH] CWE-122 CVE-2025-49657: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49661HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49661 [HIGH] CWE-822 CVE-2025-49661: Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47996HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-47996 [HIGH] CWE-125 CVE-2025-47996: Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49667HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49667 [HIGH] CWE-415 CVE-2025-49667: Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49674HIGHCVSS 8.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49674 [HIGH] CWE-122 CVE-2025-49674: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-47971HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-47971 [HIGH] CWE-126 CVE-2025-47971: Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges l
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-48816HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-48816 [HIGH] CWE-125 CVE-2025-48816: Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileg
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49672HIGHCVSS 8.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-49672 [HIGH] CWE-122 CVE-2025-49672: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-47987HIGHCVSS 7.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-47987 [HIGH] CWE-122 CVE-2025-47987: Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elev
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47998HIGHCVSS 8.8vr2≥ 6.2.9200.0, < 6.2.9200.255732025-07-08
CVE-2025-47998 [HIGH] CWE-122 CVE-2025-47998: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49735HIGHCVSS 8.1vr2≥ 6.2.9200.0, < 6.2.9200.255222025-07-08
CVE-2025-49735 [HIGH] CWE-416 CVE-2025-49735: Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd