Microsoft Windows Server 2019 vulnerabilities

3,499 known vulnerabilities affecting microsoft/windows_server_2019.

Total CVEs

3,499

CISA KEV

123

actively exploited

Public exploits

Exploited in wild

111

Severity breakdown

CRITICAL104HIGH2454MEDIUM928LOW13

Vulnerabilities

Page 42 of 175

CVE-2025-21271HIGHCVSS 7.8fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21271 [HIGH] CWE-126 CVE-2025-21271: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

nvd

CVE-2025-21304HIGHCVSS 7.8fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21304 [HIGH] CWE-416 CVE-2025-21304: Microsoft DWM Core Library Elevation of Privilege Vulnerability Microsoft DWM Core Library Elevation of Privilege Vulnerability

nvd

CVE-2025-21289HIGHCVSS 7.5fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21289 [HIGH] CWE-400 CVE-2025-21289: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

nvd

CVE-2025-21389HIGHCVSS 7.5fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21389 [HIGH] CWE-400 CVE-2025-21389: Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an un Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network.

nvd

CVE-2025-21295HIGHCVSS 8.1fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21295 [HIGH] CWE-416 CVE-2025-21295: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

nvd

CVE-2025-21338HIGHCVSS 7.8≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21338 [HIGH] CWE-190 GDI+ Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability

cvelistv5

CVE-2025-21302HIGHCVSS 8.8fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21302 [HIGH] CWE-122 CVE-2025-21302: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21294HIGHCVSS 8.1fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21294 [HIGH] CWE-591 CVE-2025-21294: Microsoft Digest Authentication Remote Code Execution Vulnerability Microsoft Digest Authentication Remote Code Execution Vulnerability

nvd

CVE-2025-21332HIGHCVSS 8.8fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21332 [HIGH] CWE-41 CVE-2025-21332: MapUrlToZone Security Feature Bypass Vulnerability MapUrlToZone Security Feature Bypass Vulnerability

nvd

CVE-2025-21292HIGHCVSS 8.8fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21292 [HIGH] CWE-94 CVE-2025-21292: Windows Search Service Elevation of Privilege Vulnerability Windows Search Service Elevation of Privilege Vulnerability

nvd

CVE-2025-21305HIGHCVSS 8.8fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21305 [HIGH] CWE-122 CVE-2025-21305: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21252HIGHCVSS 8.8fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21252 [HIGH] CWE-122 CVE-2025-21252: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21382HIGHCVSS 7.8fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21382 [HIGH] CWE-122 CVE-2025-21382: Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability

nvd

CVE-2025-21266HIGHCVSS 8.8fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21266 [HIGH] CWE-122 CVE-2025-21266: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21230HIGHCVSS 7.5fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21230 [HIGH] CWE-20 CVE-2025-21230: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

nvd

CVE-2025-21296HIGHCVSS 7.5≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21296 [HIGH] CWE-416 BranchCache Remote Code Execution Vulnerability BranchCache Remote Code Execution Vulnerability BranchCache Remote Code Execution Vulnerability

cvelistv5

CVE-2025-21276HIGHCVSS 7.5fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21276 [HIGH] CWE-191 CVE-2025-21276: Windows MapUrlToZone Denial of Service Vulnerability Windows MapUrlToZone Denial of Service Vulnerability

nvd

CVE-2025-21297HIGHCVSS 8.1fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21297 [HIGH] CWE-416 CVE-2025-21297: Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability

nvd

CVE-2025-21277HIGHCVSS 7.5fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21277 [HIGH] CWE-126 CVE-2025-21277: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

nvd

CVE-2025-21240HIGHCVSS 8.8fixed in 10.0.17763.6775≥ 10.0.17763.0, < 10.0.17763.67752025-01-14

CVE-2025-21240 [HIGH] CWE-122 CVE-2025-21240: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

← Previous42 / 175Next →