Microsoft Windows Server 2025 vulnerabilities

1,143 known vulnerabilities affecting microsoft/windows_server_2025.

Total CVEs

1,143

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL14HIGH797MEDIUM327LOW5

Vulnerabilities

Page 53 of 58

CVE-2025-21265MEDIUMCVSS 6.6fixed in 10.0.26100.2894≥ 10.0.26100.0, < 10.0.26100.28942025-01-14

CVE-2025-21265 [MEDIUM] CWE-125 CVE-2025-21265: Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability

nvd

CVE-2025-21210MEDIUMCVSS 4.2fixed in 10.0.26100.2894≥ 10.0.26100.0, < 10.0.26100.28942025-01-14

CVE-2025-21210 [MEDIUM] CWE-636 CVE-2025-21210: Windows BitLocker Information Disclosure Vulnerability Windows BitLocker Information Disclosure Vulnerability

nvd

CVE-2025-21261MEDIUMCVSS 6.6fixed in 10.0.26100.2894≥ 10.0.26100.0, < 10.0.26100.28942025-01-14

CVE-2025-21261 [MEDIUM] CWE-125 CVE-2025-21261: Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability

nvd

CVE-2025-21219MEDIUMCVSS 4.3fixed in 10.0.26100.2894≥ 10.0.26100.0, < 10.0.26100.28942025-01-14

CVE-2025-21219 [MEDIUM] CWE-41 CVE-2025-21219: MapUrlToZone Security Feature Bypass Vulnerability MapUrlToZone Security Feature Bypass Vulnerability

nvd

CVE-2025-21268MEDIUMCVSS 4.3fixed in 10.0.26100.2894≥ 10.0.26100.0, < 10.0.26100.28942025-01-14

CVE-2025-21268 [MEDIUM] CWE-41 CVE-2025-21268: MapUrlToZone Security Feature Bypass Vulnerability MapUrlToZone Security Feature Bypass Vulnerability

nvd

CVE-2025-21217MEDIUMCVSS 6.5≥ 10.0.26100.0, < 10.0.26100.28942025-01-14

CVE-2025-21217 [MEDIUM] CWE-693 Windows NTLM Spoofing Vulnerability Windows NTLM Spoofing Vulnerability Windows NTLM Spoofing Vulnerability

cvelistv5

CVE-2025-21310MEDIUMCVSS 6.6fixed in 10.0.26100.2894≥ 10.0.26100.0, < 10.0.26100.28942025-01-14

CVE-2025-21310 [MEDIUM] CWE-125 CVE-2025-21310: Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability

nvd

CVE-2025-21226MEDIUMCVSS 6.6fixed in 10.0.26100.2894≥ 10.0.26100.0, < 10.0.26100.28942025-01-14

CVE-2025-21226 [MEDIUM] CWE-125 CVE-2025-21226: Windows Digital Media Elevation of Privilege Vulnerability Windows Digital Media Elevation of Privilege Vulnerability

nvd

CVE-2025-21288MEDIUMCVSS 6.5fixed in 10.0.26100.2894≥ 10.0.26100.0, < 10.0.26100.28942025-01-14

CVE-2025-21288 [MEDIUM] CWE-908 CVE-2025-21288: Windows COM Server Information Disclosure Vulnerability Windows COM Server Information Disclosure Vulnerability

nvd

CVE-2024-49112CRITICALCVSS 9.8fixed in 10.0.26100.2605≥ 10.0.26100.0, < 10.0.26100.26052024-12-12

CVE-2024-49112 [CRITICAL] CWE-190 CVE-2024-49112: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

nvd

CVE-2024-49115HIGHCVSS 8.1fixed in 10.0.26100.2605≥ 10.0.26100.0, < 10.0.26100.26052024-12-12

CVE-2024-49115 [HIGH] CWE-416 CVE-2024-49115: Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability

nvd

CVE-2024-49122HIGHCVSS 8.1fixed in 10.0.26100.2605≥ 10.0.26100.0, < 10.0.26100.26052024-12-12

CVE-2024-49122 [HIGH] CWE-416 CVE-2024-49122: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

nvd

CVE-2024-49105HIGHCVSS 8.4fixed in 10.0.26100.2605≥ 10.0.26100.0, < 10.0.26100.26052024-12-12

CVE-2024-49105 [HIGH] CWE-284 CVE-2024-49105: Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability

nvd

CVE-2024-49128HIGHCVSS 8.1fixed in 10.0.26100.2605≥ 10.0.26100.0, < 10.0.26100.40612024-12-12

CVE-2024-49128 [HIGH] CWE-416 CVE-2024-49128: Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unau Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

nvd

CVE-2024-49108HIGHCVSS 8.1fixed in 10.0.26100.2605≥ 10.0.26100.0, < 10.0.26100.26052024-12-12

CVE-2024-49108 [HIGH] CWE-416 CVE-2024-49108: Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability

nvd

CVE-2024-49080HIGHCVSS 8.8fixed in 10.0.26100.2605≥ 10.0.26100.0, < 10.0.26100.26052024-12-12

CVE-2024-49080 [HIGH] CWE-122 CVE-2024-49080: Windows IP Routing Management Snapin Remote Code Execution Vulnerability Windows IP Routing Management Snapin Remote Code Execution Vulnerability

nvd

CVE-2024-49088HIGHCVSS 7.8fixed in 10.0.26100.2605≥ 10.0.26100.0, < 10.0.26100.26052024-12-12

CVE-2024-49088 [HIGH] CWE-126 CVE-2024-49088: Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability

nvd

CVE-2024-49090HIGHCVSS 7.8fixed in 10.0.26100.2605≥ 10.0.26100.0, < 10.0.26100.26052024-12-12

CVE-2024-49090 [HIGH] CWE-822 CVE-2024-49090: Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability

nvd

CVE-2024-49089HIGHCVSS 7.2fixed in 10.0.26100.2605≥ 10.0.26100.0, < 10.0.26100.26052024-12-12

CVE-2024-49089 [HIGH] CWE-122 CVE-2024-49089: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

nvd

CVE-2024-49104HIGHCVSS 8.8fixed in 10.0.26100.2605≥ 10.0.26100.0, < 10.0.26100.26052024-12-12

CVE-2024-49104 [HIGH] CWE-122 CVE-2024-49104: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

nvd

← Previous53 / 58Next →