Microsoft Windows Server 2025 vulnerabilities
1,143 known vulnerabilities affecting microsoft/windows_server_2025.
Total CVEs
1,143
CISA KEV
36
actively exploited
Public exploits
17
Exploited in wild
5
Severity breakdown
CRITICAL14HIGH797MEDIUM327LOW5
Vulnerabilities
Page 33 of 58
CVE-2025-47985HIGHCVSS 7.8fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-47985 [HIGH] CWE-822 CVE-2025-47985: Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate priv
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-49740HIGHCVSS 8.8fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49740 [HIGH] CWE-693 CVE-2025-49740: Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a secu
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
nvd
CVE-2025-49733HIGHCVSS 7.8fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49733 [HIGH] CWE-416 CVE-2025-49733: Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-49680HIGHCVSS 7.3fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49680 [HIGH] CWE-59 CVE-2025-49680: Improper link resolution before file access ('link following') in Windows Performance Recorder allow
Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.
nvd
CVE-2025-47987HIGHCVSS 7.8fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-47987 [HIGH] CWE-122 CVE-2025-47987: Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elev
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-47986HIGHCVSS 8.8fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-47986 [HIGH] CWE-416 CVE-2025-47986: Use after free in Universal Print Management Service allows an authorized attacker to elevate privil
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-48817HIGHCVSS 8.8fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-48817 [HIGH] CWE-23 CVE-2025-48817: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code ove
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-49723HIGHCVSS 8.8fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49723 [HIGH] CWE-862 CVE-2025-49723: Missing authorization in Windows StateRepository API allows an authorized attacker to perform tamper
Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.
nvd
CVE-2025-49686HIGHCVSS 7.8fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49686 [HIGH] CWE-476 CVE-2025-49686: Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges local
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-49663HIGHCVSS 8.8fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49663 [HIGH] CWE-122 CVE-2025-49663: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-49690HIGHCVSS 7.4fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49690 [HIGH] CWE-362 CVE-2025-49690: Concurrent execution using shared resource with improper synchronization ('race condition') in Capab
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.
nvd
CVE-2025-49691HIGHCVSS 8.0fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49691 [HIGH] CWE-122 CVE-2025-49691: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.
nvd
CVE-2025-49682HIGHCVSS 7.3fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49682 [HIGH] CWE-416 CVE-2025-49682: Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-49666HIGHCVSS 7.2fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49666 [HIGH] CWE-122 CVE-2025-49666: Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a ne
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.
nvd
CVE-2025-49727HIGHCVSS 7.0fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49727 [HIGH] CWE-122 CVE-2025-49727: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privile
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-47972HIGHCVSS 8.0fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-47972 [HIGH] CWE-362 CVE-2025-47972: Concurrent execution using shared resource with improper synchronization ('race condition') in Micro
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2025-49744HIGHCVSS 7.0PoCfixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49744 [HIGH] CWE-122 CVE-2025-49744: Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-49732HIGHCVSS 7.8fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49732 [HIGH] CWE-122 CVE-2025-49732: Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-48820HIGHCVSS 7.8fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-48820 [HIGH] CWE-59 CVE-2025-48820: Improper link resolution before file access ('link following') in Windows AppX Deployment Service al
Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-49679HIGHCVSS 7.8fixed in 10.0.26100.4652≥ 10.0.26100.0, < 10.0.26100.46522025-07-08
CVE-2025-49679 [HIGH] CWE-197 CVE-2025-49679: Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locall
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
nvd