Microsoft Windows Server 2022 vulnerabilities
2,817 known vulnerabilities affecting microsoft/windows_server_2022.
Total CVEs
2,817
CISA KEV
102
actively exploited
Public exploits
38
Exploited in wild
85
Severity breakdown
CRITICAL74HIGH2015MEDIUM717LOW11
Vulnerabilities
Page 28 of 141
CVE-2025-49730HIGHCVSS 7.8PoCfixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49730 [HIGH] CWE-122 CVE-2025-49730: Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an autho
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47976HIGHCVSS 7.8fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-47976 [HIGH] CWE-416 CVE-2025-47976: Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-48814HIGHCVSS 7.5fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-48814 [HIGH] CWE-306 CVE-2025-48814: Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an u
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.
cvelistv5nvd
CVE-2025-49688HIGHCVSS 8.8fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49688 [HIGH] CWE-415 CVE-2025-49688: Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to e
Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49660HIGHCVSS 7.8fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49660 [HIGH] CWE-416 CVE-2025-49660: Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49666HIGHCVSS 7.2fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49666 [HIGH] CWE-122 CVE-2025-49666: Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a ne
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-47973HIGHCVSS 7.8fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-47973 [HIGH] CWE-126 CVE-2025-47973: Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges l
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-48822HIGHCVSS 8.6fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-48822 [HIGH] CWE-125 CVE-2025-48822: Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
cvelistv5nvd
CVE-2025-49685HIGHCVSS 7.0fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49685 [HIGH] CWE-416 CVE-2025-49685: Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privil
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49673HIGHCVSS 8.8fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49673 [HIGH] CWE-122 CVE-2025-49673: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49683HIGHCVSS 7.8PoCfixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49683 [HIGH] CWE-122 CVE-2025-49683: Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execut
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
cvelistv5nvd
CVE-2025-49669HIGHCVSS 8.8fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49669 [HIGH] CWE-122 CVE-2025-49669: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-49675HIGHCVSS 7.8fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49675 [HIGH] CWE-416 CVE-2025-49675: Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49665HIGHCVSS 7.8fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49665 [HIGH] CWE-362 CVE-2025-49665: Concurrent execution using shared resource with improper synchronization ('race condition') in Works
Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49721HIGHCVSS 7.8fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49721 [HIGH] CWE-122 CVE-2025-49721: Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate pri
Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-48000HIGHCVSS 7.8fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-48000 [HIGH] CWE-362 CVE-2025-48000: Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevat
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-47984HIGHCVSS 7.5fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-47984 [HIGH] CWE-693 CVE-2025-47984: Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
cvelistv5nvd
CVE-2025-49742HIGHCVSS 7.8fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49742 [HIGH] CWE-122 CVE-2025-49742: Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to exec
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.
cvelistv5nvd
CVE-2025-49686HIGHCVSS 7.8fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49686 [HIGH] CWE-476 CVE-2025-49686: Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges local
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-49733HIGHCVSS 7.8fixed in 10.0.20348.3932≥ 10.0.20348.0, < 10.0.20348.39322025-07-08
CVE-2025-49733 [HIGH] CWE-416 CVE-2025-49733: Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
cvelistv5nvd