Microsoft Windows Server 2019 vulnerabilities

3,499 known vulnerabilities affecting microsoft/windows_server_2019.

Total CVEs

3,499

CISA KEV

123

actively exploited

Public exploits

Exploited in wild

111

Severity breakdown

CRITICAL104HIGH2454MEDIUM928LOW13

Vulnerabilities

Page 38 of 175

CVE-2025-26634HIGHCVSS 7.5fixed in 10.0.17763.6893≥ 10.0.17763.0, < 10.0.17763.68932025-03-11

CVE-2025-26634 [HIGH] CWE-122 CVE-2025-26634: Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privil Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.

nvd

CVE-2025-24985HIGHCVSS 7.8KEVfixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24985 [HIGH] CWE-122 CVE-2025-24985: Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

nvd

CVE-2025-24035HIGHCVSS 8.1fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24035 [HIGH] CWE-591 CVE-2025-24035: Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unau Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-24051HIGHCVSS 8.8fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24051 [HIGH] CWE-122 CVE-2025-24051: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-24045HIGHCVSS 8.1fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24045 [HIGH] CWE-591 CVE-2025-24045: Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unau Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-26645HIGHCVSS 8.8fixed in 10.0.17763.6893≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-26645 [HIGH] CWE-23 CVE-2025-26645: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code ove Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-26633HIGHCVSS 7.0KEVPoCfixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-26633 [HIGH] CWE-707 CVE-2025-26633: Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

nvd

CVE-2025-24993HIGHCVSS 7.8KEVfixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24993 [HIGH] CWE-122 CVE-2025-24993: Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

nvd

CVE-2025-25008HIGHCVSS 7.1fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-25008 [HIGH] CWE-59 CVE-2025-25008: Improper link resolution before file access ('link following') in Microsoft Windows allows an author Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-24064HIGHCVSS 8.1fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24064 [HIGH] CWE-416 CVE-2025-24064: Use after free in DNS Server allows an unauthorized attacker to execute code over a network. Use after free in DNS Server allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-24067HIGHCVSS 7.8fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24067 [HIGH] CWE-122 CVE-2025-24067: Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate p Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-24048HIGHCVSS 7.8fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24048 [HIGH] CWE-122 CVE-2025-24048: Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privile Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-24050HIGHCVSS 7.8fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24050 [HIGH] CWE-122 CVE-2025-24050: Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privile Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-24044HIGHCVSS 7.8fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24044 [HIGH] CWE-416 CVE-2025-24044: Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-24059HIGHCVSS 7.8fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24059 [HIGH] CWE-125 CVE-2025-24059: Incorrect conversion between numeric types in Windows Common Log File System Driver allows an author Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-21180HIGHCVSS 7.8fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-21180 [HIGH] CWE-122 CVE-2025-21180: Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute c Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.

nvd

CVE-2025-24056HIGHCVSS 8.8fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24056 [HIGH] CWE-122 CVE-2025-24056: Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute co Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-24061HIGHCVSS 7.8fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24061 [HIGH] CWE-693 CVE-2025-24061: Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to by Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.

nvd

CVE-2025-24995HIGHCVSS 7.8fixed in 10.0.17763.7009≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24995 [HIGH] CWE-122 CVE-2025-24995: Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacke Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-24066HIGHCVSS 7.8≥ 10.0.17763.0, < 10.0.17763.70092025-03-11

CVE-2025-24066 [HIGH] CWE-122 CVE-2025-24066: Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate p Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

nvd

← Previous38 / 175Next →