Microsoft Windows Server 2025 vulnerabilities
1,143 known vulnerabilities affecting microsoft/windows_server_2025.
Total CVEs
1,143
CISA KEV
36
actively exploited
Public exploits
17
Exploited in wild
5
Severity breakdown
CRITICAL14HIGH797MEDIUM327LOW5
Vulnerabilities
Page 20 of 58
CVE-2025-53139HIGHCVSS 7.1≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-53139 [HIGH] CWE-319 CVE-2025-53139: Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to
Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally.
cvelistv5nvd
CVE-2025-59192HIGHCVSS 7.8≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-59192 [HIGH] CWE-126 CVE-2025-59192: Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.
Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-59193HIGHCVSS 7.0≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-59193 [HIGH] CWE-362 CVE-2025-59193: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-59210HIGHCVSS 7.4≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-59210 [HIGH] CWE-416 CVE-2025-59210: Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
cvelistv5nvd
CVE-2025-58728HIGHCVSS 7.8≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-58728 [HIGH] CWE-416 CVE-2025-58728: Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges loca
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-58722HIGHCVSS 7.8fixed in 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-58722 [HIGH] CWE-122 CVE-2025-58722: Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locall
Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-58715HIGHCVSS 8.8≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-58715 [HIGH] CWE-190 CVE-2025-58715: Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate
Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-55335HIGHCVSS 7.0fixed in 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-55335 [HIGH] CWE-362 CVE-2025-55335: Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-59187HIGHCVSS 7.8fixed in 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-59187 [HIGH] CWE-20 CVE-2025-59187: Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges loca
Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-50152HIGHCVSS 7.8≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-50152 [HIGH] CWE-125 CVE-2025-50152: Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-55689HIGHCVSS 7.0fixed in 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-55689 [HIGH] CWE-416 CVE-2025-55689: Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges l
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-59196HIGHCVSS 7.0≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-59196 [HIGH] CWE-362 CVE-2025-59196: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-58716HIGHCVSS 8.8≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-58716 [HIGH] CWE-20 CVE-2025-58716: Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privi
Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-58734HIGHCVSS 7.0≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-58734 [HIGH] CWE-416 CVE-2025-58734: Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
cvelistv5nvd
CVE-2025-59206HIGHCVSS 7.4≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-59206 [HIGH] CWE-416 CVE-2025-59206: Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
cvelistv5nvd
CVE-2025-55693HIGHCVSS 7.0fixed in 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-55693 [HIGH] CWE-416 CVE-2025-55693: Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-55331HIGHCVSS 7.0fixed in 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-55331 [HIGH] CWE-416 CVE-2025-55331: Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges l
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-59195HIGHCVSS 7.0≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-59195 [HIGH] CWE-362 CVE-2025-59195: Concurrent execution using shared resource with improper synchronization ('race condition') in Micro
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally.
cvelistv5nvd
CVE-2025-58727HIGHCVSS 7.0≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-58727 [HIGH] CWE-362 CVE-2025-58727: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-55698HIGHCVSS 7.7≤ 10.0.26100.6899≥ 10.0.26100.0, < 10.0.26100.68992025-10-14
CVE-2025-55698 [HIGH] CWE-476 CVE-2025-55698: Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a net
Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network.
cvelistv5nvd