Microsoft Windows Server 2012 R2 vulnerabilities

2,562 known vulnerabilities affecting microsoft/windows_server_2012_r2.

Total CVEs

2,562

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL86HIGH1814MEDIUM653LOW9

Vulnerabilities

Page 18 of 129

CVE-2025-53719MEDIUMCVSS 5.7≥ 6.3.9600.0, < 6.3.9600.227252025-08-12

CVE-2025-53719 [MEDIUM] CWE-908 CVE-2025-53719: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authoriz Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

nvd

CVE-2025-53138MEDIUMCVSS 5.7≥ 6.3.9600.0, < 6.3.9600.227252025-08-12

CVE-2025-53138 [MEDIUM] CWE-908 CVE-2025-53138: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authoriz Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

nvd

CVE-2025-53136MEDIUMCVSS 5.5≥ 6.3.9600.0, < 6.3.9600.227252025-08-12

CVE-2025-53136 [MEDIUM] CWE-200 CVE-2025-53136: Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authori Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.

nvd

CVE-2025-50166MEDIUMCVSS 6.5≥ 6.3.9600.0, < 6.3.9600.227252025-08-12

CVE-2025-50166 [MEDIUM] CWE-190 CVE-2025-50166: Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized a Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network.

nvd

CVE-2025-50156MEDIUMCVSS 5.7≥ 6.3.9600.0, < 6.3.9600.227252025-08-12

CVE-2025-50156 [MEDIUM] CWE-908 CVE-2025-50156: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authoriz Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

nvd

CVE-2025-53153MEDIUMCVSS 5.7≥ 6.3.9600.0, < 6.3.9600.227252025-08-12

CVE-2025-53153 [MEDIUM] CWE-908 CVE-2025-53153: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authoriz Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

nvd

CVE-2025-47981CRITICALCVSS 9.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-47981 [CRITICAL] CWE-122 CVE-2025-47981: Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-49730HIGHCVSS 7.8PoC≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-49730 [HIGH] CWE-122 CVE-2025-49730: Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an autho Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-47976HIGHCVSS 7.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-47976 [HIGH] CWE-416 CVE-2025-47976: Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-48814HIGHCVSS 7.5≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-48814 [HIGH] CWE-306 CVE-2025-48814: Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an u Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.

nvd

CVE-2025-49660HIGHCVSS 7.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-49660 [HIGH] CWE-416 CVE-2025-49660: Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally. Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-47973HIGHCVSS 7.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-47973 [HIGH] CWE-126 CVE-2025-47973: Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges l Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

nvd

CVE-2025-49683HIGHCVSS 7.8PoC≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-49683 [HIGH] CWE-122 CVE-2025-49683: Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execut Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

nvd

CVE-2025-49669HIGHCVSS 8.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-49669 [HIGH] CWE-122 CVE-2025-49669: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-49675HIGHCVSS 7.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-49675 [HIGH] CWE-416 CVE-2025-49675: Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-49688HIGHCVSS 8.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-49688 [HIGH] CWE-415 CVE-2025-49688: Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to e Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-49721HIGHCVSS 7.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-49721 [HIGH] CWE-122 CVE-2025-49721: Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate pri Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.

nvd

CVE-2025-47984HIGHCVSS 7.5≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-47984 [HIGH] CWE-693 CVE-2025-47984: Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-48824HIGHCVSS 8.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-48824 [HIGH] CWE-122 CVE-2025-48824: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-49687HIGHCVSS 8.8≥ 6.3.9600.0, < 6.3.9600.226762025-07-08

CVE-2025-49687 [HIGH] CWE-125 CVE-2025-49687: Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate p Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

nvd

← Previous18 / 129Next →