Microsoft Windows Server 2012 R2 vulnerabilities
2,572 known vulnerabilities affecting microsoft/windows_server_2012_r2.
Total CVEs
2,572
CISA KEV
96
actively exploited
Public exploits
67
Exploited in wild
85
Severity breakdown
CRITICAL85HIGH1805MEDIUM672LOW10
Vulnerabilities
Page 16 of 129
CVE-2025-50166MEDIUMCVSS 6.5≥ 6.3.9600.0, < 6.3.9600.227252025-08-12
CVE-2025-50166 [MEDIUM] CWE-190 CVE-2025-50166: Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized a
Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-53153MEDIUMCVSS 5.7≥ 6.3.9600.0, < 6.3.9600.227252025-08-12
CVE-2025-53153 [MEDIUM] CWE-908 CVE-2025-53153: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authoriz
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-53138MEDIUMCVSS 5.7≥ 6.3.9600.0, < 6.3.9600.227252025-08-12
CVE-2025-53138 [MEDIUM] CWE-908 CVE-2025-53138: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authoriz
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-50156MEDIUMCVSS 5.7≥ 6.3.9600.0, < 6.3.9600.227252025-08-12
CVE-2025-50156 [MEDIUM] CWE-908 CVE-2025-50156: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authoriz
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-47981CRITICALCVSS 9.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-47981 [CRITICAL] CWE-122 CVE-2025-47981: Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49689HIGHCVSS 7.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-49689 [HIGH] CWE-125 CVE-2025-49689: Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevat
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49730HIGHCVSS 7.8PoC≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-49730 [HIGH] CWE-122 CVE-2025-49730: Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an autho
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47976HIGHCVSS 7.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-47976 [HIGH] CWE-416 CVE-2025-47976: Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-48814HIGHCVSS 7.5≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-48814 [HIGH] CWE-306 CVE-2025-48814: Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an u
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.
cvelistv5nvd
CVE-2025-49688HIGHCVSS 8.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-49688 [HIGH] CWE-415 CVE-2025-49688: Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to e
Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49660HIGHCVSS 7.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-49660 [HIGH] CWE-416 CVE-2025-49660: Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47973HIGHCVSS 7.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-47973 [HIGH] CWE-126 CVE-2025-47973: Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges l
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49673HIGHCVSS 8.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-49673 [HIGH] CWE-122 CVE-2025-49673: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49683HIGHCVSS 7.8PoC≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-49683 [HIGH] CWE-122 CVE-2025-49683: Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execut
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
cvelistv5nvd
CVE-2025-49669HIGHCVSS 8.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-49669 [HIGH] CWE-122 CVE-2025-49669: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49675HIGHCVSS 7.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-49675 [HIGH] CWE-416 CVE-2025-49675: Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49665HIGHCVSS 7.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-49665 [HIGH] CWE-362 CVE-2025-49665: Concurrent execution using shared resource with improper synchronization ('race condition') in Works
Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49721HIGHCVSS 7.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-49721 [HIGH] CWE-122 CVE-2025-49721: Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate pri
Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47984HIGHCVSS 7.5≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-47984 [HIGH] CWE-693 CVE-2025-47984: Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-49742HIGHCVSS 7.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08
CVE-2025-49742 [HIGH] CWE-122 CVE-2025-49742: Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to exec
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.
cvelistv5nvd