Microsoft Windows Server 2025 — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Windows Server 2025, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2025-49708 — CVSS 9.9 (critical): Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
CVE-2026-41089 — CVSS 9.8 (critical): Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
CVE-2026-41096 — CVSS 9.8 (critical): Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
CVE-2025-47981 — CVSS 9.8 (critical): Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
CVE-2026-47291 — CVSS 9.8 (critical): Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVE-2026-44815 — CVSS 9.8 (critical): Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
CVE-2025-60724 — CVSS 9.8 (critical): Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2025-50165 — CVSS 9.8 (critical): Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2025-53766 — CVSS 9.8 (critical): Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
CVE-2026-42904 — CVSS 9.6 (critical): Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2025-50171 — CVSS 9.1 (critical): Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-45602 — CVSS 9.1 (critical): No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
CVE-2025-54106 — CVSS 8.8 (high): Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-58718 — CVSS 8.8 (high): Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-34329 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
CVE-2025-24051 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-54113 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2026-20868 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-33064 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2025-24056 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.
CVE-2025-33066 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-62549 — CVSS 8.8 (high): Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-29962 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-29963 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-29964 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-29966 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
CVE-2025-29967 — CVSS 8.8 (high): Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
CVE-2026-25177 — CVSS 8.8 (high): Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate…
CVE-2025-58715 — CVSS 8.8 (high): Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2026-47653 — CVSS 8.8 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-47986 — CVSS 8.8 (high): Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
CVE-2026-47289 — CVSS 8.8 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-47998 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-54110 — CVSS 8.8 (high): Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-21205 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2026-32225 — CVSS 8.8 (high): Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-53778 — CVSS 8.8 (high): Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
CVE-2025-48817 — CVSS 8.8 (high): Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-62456 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.
CVE-2025-48824 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-49657 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-49663 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-26645 — CVSS 8.8 (high): Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-26647 — CVSS 8.8 (high): Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
CVE-2025-49668 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-49669 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-49672 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-49673 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-49674 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-49676 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-49687 — CVSS 8.8 (high): Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
CVE-2025-49688 — CVSS 8.8 (high): Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-26669 — CVSS 8.8 (high): Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a…
CVE-2025-49723 — CVSS 8.8 (high): Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.
CVE-2025-49724 — CVSS 8.8 (high): Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.
CVE-2025-49729 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2026-40403 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2025-54918 — CVSS 8.8 (high): Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
CVE-2025-49740 — CVSS 8.8 (high): Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-45648 — CVSS 8.8 (high): Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
CVE-2025-49753 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-49757 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2026-32157 — CVSS 8.8 (high): Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42985 — CVSS 8.8 (high): Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-55234 — CVSS 8.8 (high): SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these…
CVE-2026-26178 — CVSS 8.8 (high): Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.
CVE-2026-25188 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2025-21221 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-50163 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-27477 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-27481 — CVSS 8.8 (high): Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-21222 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2026-21255 — CVSS 8.8 (high): Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
CVE-2025-64678 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-53143 — CVSS 8.8 (high): Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over…
CVE-2025-53144 — CVSS 8.8 (high): Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over…
CVE-2025-53145 — CVSS 8.8 (high): Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over…
CVE-2025-59295 — CVSS 8.8 (high): Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
CVE-2025-27740 — CVSS 8.8 (high): Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.
CVE-2026-27928 — CVSS 8.7 (high): Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-48822 — CVSS 8.6 (high): Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2025-27737 — CVSS 8.6 (high): Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-32221 — CVSS 8.4 (high): Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.
CVE-2025-33067 — CVSS 8.4 (high): Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32091 — CVSS 8.4 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an…
CVE-2026-45607 — CVSS 8.4 (high): Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45641 — CVSS 8.4 (high): Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2025-26678 — CVSS 8.4 (high): Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-24084 — CVSS 8.4 (high): Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.
CVE-2026-44810 — CVSS 8.4 (high): Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32162 — CVSS 8.4 (high): Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
CVE-2026-47652 — CVSS 8.2 (high): Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2025-26671 — CVSS 8.1 (high): Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2025-33070 — CVSS 8.1 (high): Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-33071 — CVSS 8.1 (high): Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
CVE-2025-29828 — CVSS 8.1 (high): Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a…
CVE-2026-20856 — CVSS 8.1 (high): Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVE-2026-45599 — CVSS 8.1 (high): Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
CVE-2026-33827 — CVSS 8.1 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized…
CVE-2024-49126 — CVSS 8.1 (high): Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
CVE-2025-33054 — CVSS 8.1 (high): Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-26670 — CVSS 8.1 (high): Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
CVE-2025-24045 — CVSS 8.1 (high): Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over…
CVE-2025-24035 — CVSS 8.1 (high): Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over…
CVE-2026-40415 — CVSS 8.1 (high): Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVE-2025-27482 — CVSS 8.1 (high): Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a…
CVE-2024-49128 — CVSS 8.1 (high): Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over…
CVE-2026-42987 — CVSS 8.1 (high): Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
CVE-2026-42974 — CVSS 8.1 (high): Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.