Byte Open Security

(ByteOS Network)

Security Vulnerabilities (328296)
CVE-2025-59502
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-9.38% / 92.54%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; Windows Server 2025; Windows 10 Version 22H2; Windows Server 2022; Windows 11 version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-59494
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.20%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Monitor Agent Elevation of Privilege Vulnerability

Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_monitor_agent; Azure Monitor
CWE ID-CWE-284
Improper Access Control
CVE-2025-59295
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.70%
7 Day CHG+0.04%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows URL Parsing Remote Code Execution Vulnerability

Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012; windows_10_21h2; windows_11_24h2; windows_server_2022; windows_server_2022_23h2; windows_server_2025; windows_10_1507; windows_11_22h2; windows_server_2008; windows_11_23h2; windows_10_1607; windows_10_22h2; windows_10_1809; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows 10 Version 1507; Windows Server 2012; Windows Server 2008 Service Pack 2 (Server Core installation); Windows Server 2008 Service Pack 2; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows Server 2012 (Server Core installation); Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2008 R2 Service Pack 1; Windows Server 2008 R2 Service Pack 1 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-59294
Assigner-Microsoft Corporation
CVSS Score-2.1||LOW
EPSS-0.08% / 23.35%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Taskbar Live Preview Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507; windows_11_22h2; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_1607; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2016 (Server Core installation); Windows Server 2019 (Server Core installation); Windows 10 Version 1507; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 Version 24H2; Windows 11 version 22H3; Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-59292
Assigner-Microsoft Corporation
CVSS Score-8.2||HIGH
EPSS-0.13% / 33.52%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Compute Gallery Elevation of Privilege Vulnerability

External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_compute_gallery; Azure Compute Gallery
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-59291
Assigner-Microsoft Corporation
CVSS Score-8.2||HIGH
EPSS-0.13% / 33.52%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Confidential Azure Container Instances Elevation of Privilege Vulnerability

External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_compute_gallery; Azure Compute Gallery
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-59290
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.66%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bluetooth Service Elevation of Privilege Vulnerability

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2; windows_11_24h2; windows_10_21h2; windows_11_23h2; windows_server_2022; windows_10_22h2; windows_server_2022_23h2; windows_server_2025; Windows Server 2025; Windows 10 Version 22H2; Windows 11 version 22H2; Windows Server 2022; Windows 11 Version 23H2; Windows Server 2025 (Server Core installation); Windows 10 Version 21H2; Windows 11 Version 24H2; Windows 11 version 22H3; Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-59288
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.86%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Playwright Spoofing Vulnerability

Improper verification of cryptographic signature in Github: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network.

Action-Not Available
Vendor-Microsoft Corporation
Product-playwright; microsoft/playwright
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-59284
Assigner-Microsoft Corporation
CVSS Score-3.3||LOW
EPSS-0.06% / 19.10%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows NTLM Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2; windows_11_24h2; windows_11_23h2; windows_server_2025; windows_11_25h2; Windows 11 Version 25H2; Windows Server 2025; Windows 11 Version 23H2; Windows 11 version 22H2; Windows Server 2025 (Server Core installation); Windows 11 Version 24H2; Windows 11 version 22H3
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-59282
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.06% / 17.78%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012; windows_10_21h2; windows_11_24h2; windows_server_2022; windows_server_2022_23h2; windows_server_2025; windows_10_1507; windows_11_22h2; windows_server_2008; windows_11_23h2; windows_10_1607; windows_10_22h2; windows_10_1809; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows 10 Version 1507; Windows Server 2012; Windows Server 2008 Service Pack 2 (Server Core installation); Windows Server 2008 Service Pack 2; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows Server 2012 (Server Core installation); Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2008 R2 Service Pack 1; Windows Server 2008 R2 Service Pack 1 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2025-59281
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.39%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xbox Gaming Services Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-xbox_gaming_services; Xbox Gaming Services
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-47979
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.35%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Failover Cluster Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025; windows_server_2022_23h2; Windows Server 2022, 23H2 Edition (Server Core installation); Windows Server 2025; Windows Server 2025 (Server Core installation)
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-59280
Assigner-Microsoft Corporation
CVSS Score-3.1||LOW
EPSS-0.06% / 17.48%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Client Tampering Vulnerability

Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507; windows_11_22h2; windows_server_2012; windows_server_2008; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_1607; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows 10 Version 1507; Windows Server 2012; Windows Server 2008 Service Pack 2 (Server Core installation); Windows Server 2008 Service Pack 2; Windows 10 Version 1607; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows Server 2012 (Server Core installation); Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2008 R2 Service Pack 1; Windows Server 2008 R2 Service Pack 1 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-287
Improper Authentication
CVE-2025-59277
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.42%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Authentication Elevation of Privilege Vulnerability

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507; windows_11_22h2; windows_server_2012; windows_server_2008; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_1607; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows 10 Version 1507; Windows Server 2012; Windows Server 2008 Service Pack 2 (Server Core installation); Windows Server 2008 Service Pack 2; Windows 10 Version 1607; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows Server 2012 (Server Core installation); Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2008 R2 Service Pack 1; Windows Server 2008 R2 Service Pack 1 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2025-59259
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.73%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Local Session Manager (LSM) Denial of Service Vulnerability

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507; windows_11_22h2; windows_server_2012; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_1607; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows 10 Version 1507; Windows Server 2012; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows Server 2012 (Server Core installation); Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2025-59258
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.08% / 23.53%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability

Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012; windows_server_2022; windows_server_2022_23h2; windows_server_2025; windows_server_2019; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2025 (Server Core installation); Windows Server 2016 (Server Core installation); Windows Server 2012 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-59257
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.73%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Local Session Manager (LSM) Denial of Service Vulnerability

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025; windows_11_25h2; windows_11_24h2; windows_server_2022_23h2; Windows 11 Version 25H2; Windows Server 2025; Windows Server 2025 (Server Core installation); Windows 11 Version 24H2; Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2025-59255
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.66%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DWM Core Library Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; Windows 11 Version 25H2; Windows Server 2025; Windows 10 Version 22H2; Windows Server 2022; Windows 11 version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-59254
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.66%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507; windows_11_22h2; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_1607; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2016 (Server Core installation); Windows Server 2019 (Server Core installation); Windows 10 Version 1507; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 Version 24H2; Windows 11 version 22H3; Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-59250
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.14% / 35.39%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JDBC Driver for SQL Server Spoofing Vulnerability

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-jdbc_driver_for_sql_server; Microsoft JDBC Driver for SQL Server 12.10; Microsoft JDBC Driver for SQL Server 12.6; Microsoft JDBC Driver for SQL Server 12.2; Microsoft JDBC Driver for SQL Server 10.2; Microsoft JDBC Driver for SQL Server 11.2; Microsoft JDBC Driver for SQL Server 13.2; Microsoft JDBC Driver for SQL Server 12.4; Microsoft JDBC Driver for SQL Server 12.8
CWE ID-CWE-20
Improper Input Validation
CVE-2025-59249
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.06%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Elevation of Privilege Vulnerability

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_server; Microsoft Exchange Server 2019 Cumulative Update 14; Microsoft Exchange Server 2019 Cumulative Update 15; Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server Subscription Edition RTM
CWE ID-CWE-1390
Weak Authentication
CVE-2025-59243
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.81%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel; 365_apps; Microsoft 365 Apps for Enterprise; Microsoft Office LTSC 2021; Microsoft Office LTSC 2024
CWE ID-CWE-416
Use After Free
CVE-2025-49708
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.08% / 23.08%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Graphics Component Elevation of Privilege Vulnerability

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; Windows 11 Version 25H2; Windows Server 2025; Windows 10 Version 22H2; Windows Server 2022; Windows 11 version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-59242
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.04%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012; windows_10_21h2; windows_11_24h2; windows_server_2022; windows_server_2022_23h2; windows_server_2025; windows_10_1507; windows_11_22h2; windows_server_2008; windows_11_23h2; windows_10_1607; windows_10_22h2; windows_10_1809; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows 10 Version 1507; Windows Server 2012; Windows Server 2008 Service Pack 2 (Server Core installation); Windows Server 2008 Service Pack 2; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows Server 2012 (Server Core installation); Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2008 R2 Service Pack 1; Windows Server 2008 R2 Service Pack 1 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2025-59237
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.97% / 86.09%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_server; Microsoft SharePoint Enterprise Server 2016; Microsoft SharePoint Server 2019; Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-59236
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.07% / 20.66%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-07 Jan, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_server; 365_apps; office_long_term_servicing_channel; office; Microsoft Office LTSC for Mac 2021; Office Online Server; Microsoft 365 Apps for Enterprise; Microsoft Office LTSC 2024; Microsoft Office LTSC for Mac 2024; Microsoft Office 2019; Microsoft Office LTSC 2021
CWE ID-CWE-416
Use After Free
CVE-2025-59235
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.72%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel; 365_apps; office_online_server; excel; sharepoint_server; access; office; Microsoft Excel 2016; Microsoft SharePoint Enterprise Server 2016; Microsoft Office LTSC for Mac 2021; Office Online Server; Microsoft Access 2016; Microsoft 365 Apps for Enterprise; Microsoft Office LTSC 2024; Microsoft SharePoint Server 2019; Microsoft Office LTSC for Mac 2024; Microsoft Office 2019; Microsoft Access 2016 (32-bit edition); Microsoft Office LTSC 2021
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-59234
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.81%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-07 Jan, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_apps; office_long_term_servicing_channel; office; Microsoft Office LTSC for Mac 2021; Microsoft Office for Android; Microsoft 365 Apps for Enterprise; Microsoft Office LTSC 2024; Microsoft Office LTSC for Mac 2024; Microsoft Office 2016; Microsoft Office 2019; Microsoft Office LTSC 2021
CWE ID-CWE-416
Use After Free
CVE-2025-59233
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.89%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-07 Jan, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel; 365_apps; office_online_server; excel; office; Microsoft Excel 2016; Microsoft Office LTSC for Mac 2021; Office Online Server; Microsoft 365 Apps for Enterprise; Microsoft Office LTSC 2024; Microsoft Office LTSC for Mac 2024; Microsoft Office 2019; Microsoft Office LTSC 2021
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-59231
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.89%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-07 Jan, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel; 365_apps; office_online_server; excel; office; Microsoft Excel 2016; Microsoft Office LTSC for Mac 2021; Office Online Server; Microsoft 365 Apps for Enterprise; Microsoft Office LTSC 2024; Microsoft Office LTSC for Mac 2024; Microsoft Office 2019; Microsoft Office LTSC 2021
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-59228
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.78%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-07 Jan, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Remote Code Execution Vulnerability

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_server; Microsoft SharePoint Enterprise Server 2016; Microsoft SharePoint Server 2019; Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-20
Improper Input Validation
CVE-2025-59211
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.35%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Push Notification Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507; windows_11_22h2; windows_server_2012; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_1607; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows 10 Version 1507; Windows Server 2012; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows Server 2012 (Server Core installation); Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-59207
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.42%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-07 Jan, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; Windows 11 Version 25H2; Windows Server 2025; Windows 10 Version 22H2; Windows Server 2022; Windows 11 version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-59206
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-0.06% / 19.32%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-07 Jan, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025; windows_11_25h2; windows_11_24h2; Windows 11 Version 25H2; Windows 11 Version 24H2; Windows Server 2025; Windows Server 2025 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-59204
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.64%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Management Services Information Disclosure Vulnerability

Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; Windows 11 Version 25H2; Windows Server 2025; Windows 10 Version 22H2; Windows Server 2022; Windows 11 version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-59202
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.06% / 19.14%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Elevation of Privilege Vulnerability

Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2; windows_server_2012; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_1607; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows Server 2012; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows Server 2012 (Server Core installation); Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-59201
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.20%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Network Connection Status Indicator (NCSI) Elevation of Privilege Vulnerability

Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012; windows_10_21h2; windows_11_24h2; windows_server_2022; windows_server_2022_23h2; windows_server_2025; windows_10_1507; windows_11_22h2; windows_server_2008; windows_11_23h2; windows_10_1607; windows_10_22h2; windows_10_1809; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows 10 Version 1507; Windows Server 2012; Windows Server 2008 Service Pack 2 (Server Core installation); Windows Server 2008 Service Pack 2; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows Server 2012 (Server Core installation); Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2008 R2 Service Pack 1; Windows Server 2008 R2 Service Pack 1 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2025-59200
Assigner-Microsoft Corporation
CVSS Score-7.7||HIGH
EPSS-0.07% / 22.45%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Data Sharing Service Spoofing Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507; windows_11_22h2; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_1607; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2016 (Server Core installation); Windows Server 2019 (Server Core installation); Windows 10 Version 1507; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 Version 24H2; Windows 11 version 22H3; Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-59199
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.29%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Software Protection Platform (SPP) Elevation of Privilege Vulnerability

Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; Windows 11 Version 25H2; Windows Server 2025; Windows 10 Version 22H2; Windows Server 2022; Windows 11 version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2025-59196
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.05% / 14.54%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012; windows_10_21h2; windows_11_24h2; windows_server_2022; windows_server_2022_23h2; windows_server_2025; windows_10_1507; windows_11_22h2; windows_server_2008; windows_11_23h2; windows_10_1607; windows_10_22h2; windows_10_1809; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows 10 Version 1507; Windows Server 2012; Windows Server 2008 Service Pack 2 (Server Core installation); Windows Server 2008 Service Pack 2; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows Server 2012 (Server Core installation); Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2008 R2 Service Pack 1; Windows Server 2008 R2 Service Pack 1 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2025-59195
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.05% / 14.54%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Graphics Component Denial of Service Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; Windows 11 Version 25H2; Windows Server 2025; Windows 10 Version 22H2; Windows Server 2022; Windows 11 version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2025-59186
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.35%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022; windows_server_2022_23h2; windows_server_2025; windows_server_2019; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows Server 2016 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-59185
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.38%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTLM Hash Disclosure Spoofing Vulnerability

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507; windows_11_22h2; windows_server_2012; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_1607; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows 10 Version 1507; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-58735
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.07% / 22.39%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012; windows_10_21h2; windows_11_24h2; windows_server_2022; windows_server_2022_23h2; windows_server_2025; windows_10_1507; windows_11_22h2; windows_server_2008; windows_11_23h2; windows_10_1607; windows_10_22h2; windows_10_1809; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows 10 Version 1507; Windows Server 2012; Windows Server 2008 Service Pack 2 (Server Core installation); Windows Server 2008 Service Pack 2; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows Server 2012 (Server Core installation); Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2008 R2 Service Pack 1; Windows Server 2008 R2 Service Pack 1 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-58732
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.07% / 22.39%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012; windows_10_21h2; windows_11_24h2; windows_server_2022; windows_server_2022_23h2; windows_server_2025; windows_10_1507; windows_11_22h2; windows_server_2008; windows_11_23h2; windows_10_1607; windows_10_22h2; windows_10_1809; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows 10 Version 1507; Windows Server 2012; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows Server 2012 (Server Core installation); Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2008 R2 Service Pack 1; Windows Server 2008 R2 Service Pack 1 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-58728
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.66%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bluetooth Service Elevation of Privilege Vulnerability

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2; windows_11_25h2; windows_10_1809; windows_server_2022_23h2; windows_server_2025; windows_11_23h2; windows_10_21h2; windows_11_22h2; windows_10_22h2; windows_server_2019; Windows 11 Version 25H2; Windows Server 2025; Windows 10 Version 22H2; Windows 11 version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-58722
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.67%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2; windows_10_1607; windows_11_25h2; windows_10_1809; windows_server_2022_23h2; windows_server_2022; windows_server_2025; windows_11_23h2; windows_10_21h2; windows_11_22h2; windows_server_2019; windows_10_22h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2016 (Server Core installation); Windows Server 2019 (Server Core installation); Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 Version 24H2; Windows 11 version 22H3; Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-58719
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 16.38%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2; windows_10_1607; windows_11_25h2; windows_10_1809; windows_server_2022_23h2; windows_server_2022; windows_server_2025; windows_11_23h2; windows_10_21h2; windows_11_22h2; windows_server_2019; windows_10_22h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2016 (Server Core installation); Windows Server 2019 (Server Core installation); Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 Version 24H2; Windows 11 version 22H3; Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-58717
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.94%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012; windows_10_21h2; windows_11_24h2; windows_server_2022; windows_server_2022_23h2; windows_server_2025; windows_10_1507; windows_11_22h2; windows_server_2008; windows_11_23h2; windows_10_1607; windows_10_22h2; windows_10_1809; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2012 R2; Windows Server 2016 (Server Core installation); Windows 10 Version 1507; Windows Server 2012; Windows Server 2008 Service Pack 2 (Server Core installation); Windows Server 2008 Service Pack 2; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2012 R2 (Server Core installation); Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows Server 2012 (Server Core installation); Windows 11 version 22H3; Windows 11 Version 24H2; Windows Server 2008 R2 Service Pack 1; Windows Server 2008 R2 Service Pack 1 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-37143
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.9||MEDIUM
EPSS-0.04% / 12.38%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-12 Nov, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Arbitrary File Download Vulnerability in CLI Binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor Web Interface (Physical Access Required)

An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE); Aruba Networks
Product-arubaos; ArubaOS (AOS)
CWE ID-CWE-284
Improper Access Control
CVE-2025-58716
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.42%
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-02 Jan, 2026 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Speech Runtime Elevation of Privilege Vulnerability

Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507; windows_11_22h2; windows_10_21h2; windows_11_23h2; windows_11_24h2; windows_server_2022; windows_10_1607; windows_10_22h2; windows_server_2022_23h2; windows_10_1809; windows_server_2025; windows_server_2019; windows_11_25h2; windows_server_2016; Windows Server 2025; Windows Server 2022; Windows 11 version 22H2; Windows Server 2016 (Server Core installation); Windows Server 2019 (Server Core installation); Windows 10 Version 1507; Windows 10 Version 1607; Windows 11 Version 25H2; Windows 10 Version 22H2; Windows 11 Version 23H2; Windows Server 2019; Windows Server 2016; Windows Server 2025 (Server Core installation); Windows 10 Version 1809; Windows 10 Version 21H2; Windows 11 Version 24H2; Windows 11 version 22H3; Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-20
Improper Input Validation