Microsoft Windows Server 2019 vulnerabilities
3,523 known vulnerabilities affecting microsoft/windows_server_2019.
Total CVEs
3,523
CISA KEV
123
actively exploited
Public exploits
70
Exploited in wild
113
Severity breakdown
CRITICAL104HIGH2472MEDIUM933LOW14
Vulnerabilities
Page 28 of 177
CVE-2025-49667HIGHCVSS 7.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-49667 [HIGH] CWE-415 CVE-2025-49667: Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49674HIGHCVSS 8.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-49674 [HIGH] CWE-122 CVE-2025-49674: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-47971HIGHCVSS 7.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-47971 [HIGH] CWE-126 CVE-2025-47971: Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges l
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-48816HIGHCVSS 7.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-48816 [HIGH] CWE-125 CVE-2025-48816: Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileg
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49672HIGHCVSS 8.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-49672 [HIGH] CWE-122 CVE-2025-49672: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-47991HIGHCVSS 7.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-47991 [HIGH] CWE-416 CVE-2025-47991: Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privi
Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47987HIGHCVSS 7.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-47987 [HIGH] CWE-122 CVE-2025-47987: Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elev
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47998HIGHCVSS 8.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-47998 [HIGH] CWE-122 CVE-2025-47998: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49735HIGHCVSS 8.1fixed in 10.0.17763.7434≥ 10.0.17763.0, < 10.0.17763.74342025-07-08
CVE-2025-49735 [HIGH] CWE-416 CVE-2025-49735: Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49744HIGHCVSS 7.0PoCfixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-49744 [HIGH] CWE-122 CVE-2025-49744: Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47985HIGHCVSS 7.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-47985 [HIGH] CWE-822 CVE-2025-47985: Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate priv
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-48821HIGHCVSS 7.1fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-48821 [HIGH] CWE-416 CVE-2025-48821: Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker t
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
cvelistv5nvd
CVE-2025-47159HIGHCVSS 7.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-47159 [HIGH] CWE-693 CVE-2025-47159: Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an author
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49659HIGHCVSS 7.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-49659 [HIGH] CWE-126 CVE-2025-49659: Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-48806HIGHCVSS 7.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-48806 [HIGH] CWE-416 CVE-2025-48806: Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code loc
Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.
cvelistv5nvd
CVE-2025-49724HIGHCVSS 8.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-49724 [HIGH] CWE-416 CVE-2025-49724: Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to exec
Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49726HIGHCVSS 7.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-49726 [HIGH] CWE-416 CVE-2025-49726: Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-48819HIGHCVSS 7.1fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-48819 [HIGH] CWE-591 CVE-2025-48819: Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
cvelistv5nvd
CVE-2025-49740HIGHCVSS 8.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-49740 [HIGH] CWE-693 CVE-2025-49740: Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a secu
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
cvelistv5nvd
CVE-2025-48817HIGHCVSS 8.8fixed in 10.0.17763.7558≥ 10.0.17763.0, < 10.0.17763.75582025-07-08
CVE-2025-48817 [HIGH] CWE-23 CVE-2025-48817: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code ove
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
cvelistv5nvd