Microsoft Windows Server 2025 vulnerabilities

CVE-2025-49753 [HIGH] CWE-122 CVE-2025-49753: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2025-49729 [HIGH] CWE-122 CVE-2025-49729: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2025-47971 [HIGH] CWE-126 CVE-2025-47971: Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges l Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

CVE-2025-48806 [HIGH] CWE-416 CVE-2025-48806: Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code loc Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.

CVE-2025-49725 [HIGH] CWE-416 CVE-2025-49725: Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

CVE-2025-47975 [HIGH] CWE-415 CVE-2025-47975: Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

CVE-2025-48002 [MEDIUM] CWE-125 CVE-2025-48002: Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose informat Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.

CVE-2025-48823 [MEDIUM] CWE-310 CVE-2025-48823: Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose i Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.

CVE-2025-48808 [MEDIUM] CWE-200 CVE-2025-48808: Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized at Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2025-47980 [MEDIUM] CWE-200 CVE-2025-47980: Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an un Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

CVE-2025-48810 [MEDIUM] CWE-1037 CVE-2025-48810: Processor optimization removal or modification of security-critical code in Windows Secure Kernel Mo Processor optimization removal or modification of security-critical code in Windows Secure Kernel Mode allows an authorized attacker to disclose information locally.

CVE-2025-48800 [MEDIUM] CWE-693 CVE-2025-48800: Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a securi Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2025-48811 [MEDIUM] CWE-353 CVE-2025-48811: Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

CVE-2025-49664 [MEDIUM] CWE-200 CVE-2025-49664: Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Hos Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.

CVE-2025-48003 [MEDIUM] CWE-693 CVE-2025-48003: Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a securi Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2025-48001 [MEDIUM] CWE-367 CVE-2025-48001: Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attack Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2025-49658 [MEDIUM] CWE-125 CVE-2025-49658: Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally. Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.

CVE-2025-48804 [MEDIUM] CWE-349 CVE-2025-48804: Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorize Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2025-48809 [MEDIUM] CWE-1037 CVE-2025-48809: Processor optimization removal or modification of security-critical code in Windows Kernel allows an Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2025-48803 [MEDIUM] CWE-353 CVE-2025-48803: Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.