CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 10/121 • 14514 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14514 CVEs for this tag (all time). In the last 365 days, 1680 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-11-04
Medium

CVE-2025-59596

CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on a…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-23358

NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code executi…

CVSS: 8.2 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2025-11-03
Critical

CVE-2025-11953

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. Th…

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2025-60892

An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key fro…

CVSS: 6.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2025-10-31
High

CVE-2025-12507

The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.

CVSS: 8.8 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
High

CVE-2025-48982

This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2025-10-29
Medium

CVE-2025-1549

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileges on the Windows system. T…

CVSS: 6.3 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2024-14012

Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator executes a renamed Setup.exe, the MPR.dll may get loa…

CVSS: 7.3 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2025-62776

The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed w…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2025-10-28
High

CVE-2025-62801

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execut…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2025-10-27
Critical

CVE-2025-55754

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Win…

CVSS: 9.6 CWE: CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences View on NVD
High

CVE-2025-12055

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-10-23
Medium

CVE-2025-23345

NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-61865

Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive m…

CVSS: 6.7 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
High

CVE-2025-11575

Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation.This issue affects MongoDB Atlas SQL ODBC driver: from 1.0.0 through 2.0.0.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2025-10-22
Critical

CVE-2025-57870

A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbit…

CVSS: 10.0 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2025-10-20
Critical

CVE-2025-61303

Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021(2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware samp…

CVSS: 9.8 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-62522

Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to bef…

CVSS: 6.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-10-19
High

CVE-2025-11940

A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads t…

CVSS: 7.0 CWE: CWE-426 - Untrusted Search Path View on NVD
2025-10-17
Medium

CVE-2025-62511

yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use (TOCTOU) race condition (CWE-367) in th…

CVSS: 6.3 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
2025-10-16
Medium

CVE-2025-53951

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2025-53950

An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 1…

CVSS: 5.5 CWE: CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor View on NVD
Critical

CVE-2025-6338

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period.This issue affects Qt from 5.15.0 through 6.8.3, from…

CVSS: 9.2 CWE: CWE-459 - Incomplete Cleanup View on NVD
2025-10-15
Medium

CVE-2025-58132

Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.

CVSS: 4.1 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Low

CVE-2025-62379

Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirect_to query parameter value directly to…

CVSS: 3.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
Medium

CVE-2025-9548

A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-10-14
Critical

CVE-2025-62376

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerabili…

CVSS: 9.5 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2025-59502

Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Low

CVE-2025-59294

Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2025-59290

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-59289

Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-415 - Double Free View on NVD
Critical

CVE-2025-59287

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Low

CVE-2025-59284

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2025-59280

Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.

CVSS: 3.1 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2025-59278

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD
High

CVE-2025-59277

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD
High

CVE-2025-59275

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2025-59259

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

CVSS: 6.5 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD
Medium

CVE-2025-59257

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

CVSS: 6.5 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD
High

CVE-2025-59255

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-59254

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2025-59253

Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-59244

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

CVSS: 6.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
High

CVE-2025-59242

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-59241

Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2025-59230

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-59214

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-59211

Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2025-59210

Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

CVSS: 7.4 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-59209

Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2025-59208

Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-59207

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-59206

Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

CVSS: 7.4 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-59204

Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2025-59203

Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2025-59202

Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-59198

Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally.

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-59197

Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2025-59196

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2025-59194

Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
High

CVE-2025-59193

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2025-59190

Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally.

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-59188

Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2025-59187

Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-59186

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-59185

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

CVSS: 6.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
Medium

CVE-2025-59184

Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-58739

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2025-58737

Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-58729

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

CVSS: 6.5 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD
High

CVE-2025-58728

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-58727

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2025-58726

Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-58725

Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-58722

Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-58720

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

CVSS: 7.8 CWE: CWE-1240 - Use of a Cryptographic Primitive with a Risky Implementation View on NVD
Medium

CVE-2025-58717

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-58716

Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-58715

Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2025-58714

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-55701

Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD
Medium

CVE-2025-55700

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-55699

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2025-55698

Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network.

CVSS: 7.7 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-55695

Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-55694

Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-55693

Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.

CVSS: 7.4 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-55692

Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-55691

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-55690

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-55689

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-55688

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-55687

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally.

CVSS: 7.4 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2025-55686

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-55685

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-55684

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-55683

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-55682

Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVSS: 6.1 CWE: CWE-841 - Improper Enforcement of Behavioral Workflow View on NVD
High

CVE-2025-55681

Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-55680

Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2025-55679

Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.

CVSS: 5.1 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-55678

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-55677

Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
Medium

CVE-2025-55676

Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
High

CVE-2025-55340

Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.

CVSS: 7.0 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2025-55339

Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-55338

Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVSS: 6.1 CWE: CWE-1310 - Missing Ability to Patch ROM Code View on NVD
Medium

CVE-2025-55337

Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVSS: 6.1 CWE: CWE-841 - Improper Enforcement of Behavioral Workflow View on NVD
Medium

CVE-2025-55336

Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2025-55335

Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

CVSS: 7.4 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2025-55334

Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally.

CVSS: 6.2 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
Medium

CVE-2025-55333

Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVSS: 6.1 CWE: CWE-1023 - Incomplete Comparison with Missing Factors View on NVD
Medium

CVE-2025-55332

Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVSS: 6.1 CWE: CWE-841 - Improper Enforcement of Behavioral Workflow View on NVD
High

CVE-2025-55331

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-55330

Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVSS: 6.1 CWE: CWE-841 - Improper Enforcement of Behavioral Workflow View on NVD
High

CVE-2025-55328

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2025-55325

Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2025-53717

Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

CVSS: 7.0 CWE: CWE-807 - Reliance on Untrusted Inputs in a Security Decision View on NVD
High

CVE-2025-53150

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2025-53139

Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally.

CVSS: 7.7 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD