Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Security Vulnerabilities324593
CVE-2025-60709
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.91%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_server_2008windows_server_2022_23h2windows_10_21h2windows_server_2012windows_10_1809Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2012Windows 11 Version 25H2Windows Server 2016Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 22H3Windows Server 2019Windows Server 2022Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-60708
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.22%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-09 Dec, 2025 | 22:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storvsp.sys Driver Denial of Service Vulnerability

Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_10_21h2windows_server_2022_23h2windows_10_1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1809Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 11 version 22H3Windows 10 Version 1607Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2025Windows 10 Version 22H2Windows Server 2016Windows 11 Version 23H2
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-60707
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.44%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-16 Dec, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability

Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_11_24h2windows_server_2022_23h2windows_server_2025windows_10_21h2windows_11_25h2windows_10_1809windows_11_23h2windows_server_2022windows_10_22h2Windows 11 Version 24H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows Server 2025Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows 11 Version 25H2Windows Server 2022Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-60706
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.22%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-09 Dec, 2025 | 22:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Information Disclosure Vulnerability

Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_10_21h2windows_server_2022_23h2windows_10_1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1809Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 11 version 22H3Windows 10 Version 1607Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2025Windows 10 Version 22H2Windows Server 2016Windows 11 Version 23H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-60705
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.71%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Client-Side Caching Elevation of Privilege Vulnerability

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_server_2008windows_server_2022_23h2windows_10_21h2windows_server_2012windows_10_1809Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2012Windows 11 Version 25H2Windows Server 2016Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 22H3Windows Server 2019Windows Server 2022Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2025-60704
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.35%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Elevation of Privilege Vulnerability

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_server_2008windows_server_2022_23h2windows_10_21h2windows_server_2012windows_10_1809Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2012Windows 11 Version 25H2Windows Server 2016Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 22H3Windows Server 2019Windows Server 2022Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-325
Missing Cryptographic Step
CVE-2025-60703
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.91%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_server_2008windows_server_2022_23h2windows_10_21h2windows_server_2012windows_10_1809Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2012Windows 11 Version 25H2Windows Server 2016Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 22H3Windows Server 2019Windows Server 2022Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-59513
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.22%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-09 Dec, 2025 | 22:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability

Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_server_2008windows_10_21h2windows_server_2022_23h2windows_10_1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1809Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1Windows 11 version 22H3Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2025Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 22H2Windows Server 2016Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-59512
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.09%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability

Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_11_24h2windows_server_2025windows_server_2019windows_server_2022windows_10_21h2windows_server_2022_23h2windows_10_1607windows_server_2016windows_11_23h2windows_server_2012windows_10_22h2windows_11_25h2Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2012Windows 11 Version 25H2Windows Server 2016Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows Server 2022Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2025-59511
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows WLAN Service Elevation of Privilege Vulnerability

External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_server_2022windows_server_2019windows_10_21h2windows_server_2022_23h2windows_10_1809Windows 11 Version 24H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2019Windows Server 2022Windows 11 Version 25H2Windows 11 Version 23H2Windows 10 Version 1809Windows 10 Version 21H2Windows Server 2025 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-59510
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.83%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-09 Dec, 2025 | 22:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability

Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_server_2022_23h2windows_10_21h2windows_server_2012windows_10_1809Windows Server 2012 R2 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1809Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 11 version 22H3Windows 10 Version 1607Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2025Windows 10 Version 22H2Windows Server 2016Windows 11 Version 23H2Windows Server 2012 R2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-59509
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.85%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-09 Dec, 2025 | 22:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Speech Recognition Information Disclosure Vulnerability

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_server_2022windows_server_2019windows_10_21h2windows_server_2022_23h2windows_10_1809Windows 11 Version 24H2Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2019Windows Server 2025Windows 10 Version 22H2Windows 11 Version 25H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CVE-2025-59508
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.05% / 14.66%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Speech Recognition Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_10_21h2windows_server_2022_23h2windows_10_1809Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2025Windows 11 Version 25H2Windows Server 2016Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2019Windows Server 2022Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-59507
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.05% / 14.66%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Speech Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_10_21h2windows_server_2022_23h2windows_10_1809Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2025Windows 11 Version 25H2Windows Server 2016Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2019Windows Server 2022Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-59506
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.05% / 14.66%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DirectX Graphics Kernel Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_server_2022_23h2windows_10_21h2windows_server_2012windows_10_1809Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2012Windows 11 Version 25H2Windows Server 2016Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows Server 2022Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-59505
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.91%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Smart Card Reader Elevation of Privilege Vulnerability

Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_25h2windows_server_2025windows_10_22h2windows_11_23h2windows_10_1607windows_server_2022windows_server_2019windows_server_2016windows_server_2022_23h2windows_10_21h2windows_server_2012windows_10_1809Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2012Windows 11 Version 25H2Windows Server 2016Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows Server 2022Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-415
Double Free
CVE-2025-59504
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.06% / 18.49%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-11 Dec, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Monitor Agent Remote Code Execution Vulnerability

Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_monitor_agentAzure Monitor
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-61828
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.70%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:49
Updated-11 Dec, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator on iPad | Out-of-bounds Write (CWE-787)

Illustrator on iPad versions 3.0.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-illustrator_on_ipadIllustrator on iPad
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-61827
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:49
Updated-11 Dec, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator on iPad | Heap-based Buffer Overflow (CWE-122)

Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-illustrator_on_ipadIllustrator on iPad
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-61826
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:49
Updated-11 Dec, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator on iPad | Integer Underflow (Wrap or Wraparound) (CWE-191)

Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-illustrator_on_ipadIllustrator on iPad
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2025-61829
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:49
Updated-11 Dec, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator on iPad | Heap-based Buffer Overflow (CWE-122)

Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-illustrator_on_ipadIllustrator on iPad
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-61836
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:49
Updated-11 Dec, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator on iPad | Integer Underflow (Wrap or Wraparound) (CWE-191)

Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-illustrator_on_ipadIllustrator on iPad
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2025-61831
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.70%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:16
Updated-13 Nov, 2025 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Out-of-bounds Write (CWE-787)

Illustrator versions 28.7.10, 29.8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsillustratormacosIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-61820
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:16
Updated-12 Nov, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Heap-based Buffer Overflow (CWE-122)

Illustrator versions 28.7.10, 29.8.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsillustratormacosIllustrator
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-61819
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:11
Updated-11 Dec, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Photoshop Desktop | Heap-based Buffer Overflow (CWE-122)

Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-photoshopwindowsmacosPhotoshop Desktop
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-61818
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.49%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:06
Updated-11 Dec, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InCopy | Use After Free (CWE-416)

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacosincopyInCopy
CWE ID-CWE-416
Use After Free
CVE-2025-61816
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:06
Updated-11 Dec, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InCopy | Heap-based Buffer Overflow (CWE-122)

InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacosincopyInCopy
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-61817
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.49%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:06
Updated-11 Dec, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InCopy | Use After Free (CWE-416)

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacosincopyInCopy
CWE ID-CWE-416
Use After Free
CVE-2025-61815
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.49%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:00
Updated-11 Dec, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Use After Free (CWE-416)

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign Desktop
CWE ID-CWE-416
Use After Free
CVE-2025-61814
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.49%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:00
Updated-11 Dec, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Use After Free (CWE-416)

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign Desktop
CWE ID-CWE-416
Use After Free
CVE-2025-61824
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:00
Updated-11 Dec, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign Desktop
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-61832
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:00
Updated-11 Dec, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign Desktop
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-35972
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.13%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:51
Updated-13 Nov, 2025 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for the Intel MPI Library before version 2021.16 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/a
Product-Intel MPI Library
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-35971
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-8.3||HIGH
EPSS-0.03% / 10.06%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:51
Updated-14 Nov, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.

Action-Not Available
Vendor-n/a
Product-Intel(R) PROSet/Wireless WiFi Software for Windows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-35968
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.02%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:51
Updated-14 Nov, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/a
Product-Slim Bootloader
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-35967
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-7||HIGH
EPSS-0.02% / 4.77%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:51
Updated-14 Nov, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.

Action-Not Available
Vendor-n/a
Product-Intel(R) PROSet/Wireless WiFi Software for Windows
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-35963
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-8.3||HIGH
EPSS-0.03% / 7.21%
||
7 Day CHG-0.01%
Published-11 Nov, 2025 | 16:51
Updated-14 Nov, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.

Action-Not Available
Vendor-n/a
Product-Intel(R) PROSet/Wireless WiFi Software for Windows
CWE ID-CWE-691
Insufficient Control Flow Management
CVE-2025-33029
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-8.3||HIGH
EPSS-0.02% / 4.77%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:51
Updated-14 Nov, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.

Action-Not Available
Vendor-n/a
Product-Intel(R) PROSet/Wireless WiFi Software for Windows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-33000
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.27%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:51
Updated-26 Nov, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel QuickAssist Technology
CWE ID-CWE-20
Improper Input Validation
CVE-2025-32732
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.02% / 2.72%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:51
Updated-26 Nov, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel(R) QAT Windows software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-32449
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.13%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:51
Updated-14 Nov, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unquoted search path for some PRI Driver software before version 03.03.1002 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/a
Product-PRI Driver software
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2025-32446
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 2.74%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:51
Updated-26 Nov, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel QuickAssist Technology software
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-32091
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.56%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:51
Updated-14 Nov, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some firmware for the Intel(R) Arc(TM) B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/a
Product-Intel(R) Arc(TM) B-series GPUs
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-32088
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 3.19%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:51
Updated-26 Nov, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper conditions check for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel(R) QAT Windows software
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-32038
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.13%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:50
Updated-01 Dec, 2025 | 22:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some FPGA Support Package for the Intel oneAPI DPC++C++ Compiler software before version 2025.0.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/a
Product-Intel oneAPI DPC++C++ Compiler software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-32037
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-2||LOW
EPSS-0.02% / 5.36%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:50
Updated-17 Nov, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow a denial of service. Network adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/a
Product-Intel(R) PresentMon
CWE ID-CWE-284
Improper Access Control
CVE-2025-32001
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.13%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:50
Updated-01 Dec, 2025 | 22:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/a
Product-Intel(R) Processor Identification Utility
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-31948
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 4.17%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:50
Updated-17 Nov, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) oneAPI Math Kernel Library before version 2025.2 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/a
Product-Intel(R) oneAPI Math Kernel Library
CWE ID-CWE-20
Improper Input Validation
CVE-2025-31940
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.14%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:50
Updated-17 Nov, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions for some Intel(R) Thread Director Visualizer software before version 1.1.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/a
Product-Intel(R) Thread Director Visualizer software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-31937
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.02% / 3.07%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:50
Updated-26 Nov, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel(R) QAT Windows software
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-31931
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.13%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:50
Updated-14 Nov, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for the Instrumentation and Tracing Technology API (ITT API) software before version 3.25.4 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/a
Product-Instrumentation and Tracing Technology API (ITT API) software
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • ...
  • 133
  • 134
  • 135
  • ...
  • 6491
  • 6492
  • Next