Windows Server 2025 Microsoft Windows Server 2025

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows Server 2025.

By the Year

In 2025 there have been 32 vulnerabilities in Microsoft Windows Server 2025 with an average score of 6.9 out of ten. Last year, in 2024 Windows Server 2025 had 90 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Windows Server 2025 in 2025 could surpass last years number. Last year, the average CVE base score was greater by 0.67

Year Vulnerabilities Average Score
2025 32 6.92
2024 90 7.59
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Windows Server 2025 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows Server 2025 Security Vulnerabilities

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21417 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21413 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21411 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21409 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows upnphost.dll Denial of Service Vulnerability

CVE-2025-21389 7.5 - High - January 14, 2025

Windows upnphost.dll Denial of Service Vulnerability

Resource Exhaustion

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2025-21382 7.8 - High - January 14, 2025

Windows Graphics Component Elevation of Privilege Vulnerability

Integer Overflow or Wraparound

Windows CSC Service Elevation of Privilege Vulnerability

CVE-2025-21378 7.8 - High - January 14, 2025

Windows CSC Service Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows CSC Service Information Disclosure Vulnerability

CVE-2025-21374 5.5 - Medium - January 14, 2025

Windows CSC Service Information Disclosure Vulnerability

Out-of-bounds Read

Microsoft Brokering File System Elevation of Privilege Vulnerability

CVE-2025-21372 7.8 - High - January 14, 2025

Microsoft Brokering File System Elevation of Privilege Vulnerability

Dangling pointer

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CVE-2025-21335 7.8 - High - January 14, 2025

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Dangling pointer

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CVE-2025-21334 7.8 - High - January 14, 2025

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Dangling pointer

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CVE-2025-21333 7.8 - High - January 14, 2025

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21341 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

CVE-2025-21340 5.5 - Medium - January 14, 2025

Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

Authorization

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21339 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

GDI+ Remote Code Execution Vulnerability

CVE-2025-21338 7.8 - High - January 14, 2025

GDI+ Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Cryptographic Information Disclosure Vulnerability

CVE-2025-21336 5.6 - Medium - January 14, 2025

Windows Cryptographic Information Disclosure Vulnerability

MapUrlToZone Security Feature Bypass Vulnerability

CVE-2025-21332 8.8 - High - January 14, 2025

MapUrlToZone Security Feature Bypass Vulnerability

Improper Resolution of Path Equivalence

Windows Remote Desktop Services Denial of Service Vulnerability

CVE-2025-21330 7.5 - High - January 14, 2025

Windows Remote Desktop Services Denial of Service Vulnerability

Resource Exhaustion

MapUrlToZone Security Feature Bypass Vulnerability

CVE-2025-21328 4.3 - Medium - January 14, 2025

MapUrlToZone Security Feature Bypass Vulnerability

Improper Resolution of Path Equivalence

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21327 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Internet Explorer Remote Code Execution Vulnerability

CVE-2025-21326 7.8 - High - January 14, 2025

Internet Explorer Remote Code Execution Vulnerability

Object Type Confusion

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21324 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Kernel Memory Information Disclosure Vulnerability

CVE-2025-21323 5.5 - Medium - January 14, 2025

Windows Kernel Memory Information Disclosure Vulnerability

Insertion of Sensitive Information into Log File

Windows Kernel Memory Information Disclosure Vulnerability

CVE-2025-21321 5.5 - Medium - January 14, 2025

Windows Kernel Memory Information Disclosure Vulnerability

Insertion of Sensitive Information into Log File

Windows Kernel Memory Information Disclosure Vulnerability

CVE-2025-21320 5.5 - Medium - January 14, 2025

Windows Kernel Memory Information Disclosure Vulnerability

Insertion of Sensitive Information into Log File

Windows Kernel Memory Information Disclosure Vulnerability

CVE-2025-21319 5.5 - Medium - January 14, 2025

Windows Kernel Memory Information Disclosure Vulnerability

Insertion of Sensitive Information into Log File

Windows Kernel Memory Information Disclosure Vulnerability

CVE-2025-21318 5.5 - Medium - January 14, 2025

Windows Kernel Memory Information Disclosure Vulnerability

Insertion of Sensitive Information into Log File

Windows Kernel Memory Information Disclosure Vulnerability

CVE-2025-21317 5.5 - Medium - January 14, 2025

Windows Kernel Memory Information Disclosure Vulnerability

Insertion of Sensitive Information into Log File

Windows Kernel Memory Information Disclosure Vulnerability

CVE-2025-21316 5.5 - Medium - January 14, 2025

Windows Kernel Memory Information Disclosure Vulnerability

Insertion of Sensitive Information into Log File

Microsoft Brokering File System Elevation of Privilege Vulnerability

CVE-2025-21315 7.8 - High - January 14, 2025

Microsoft Brokering File System Elevation of Privilege Vulnerability

Dangling pointer

MapUrlToZone Security Feature Bypass Vulnerability

CVE-2025-21329 4.3 - Medium - January 14, 2025

MapUrlToZone Security Feature Bypass Vulnerability

Improper Resolution of Path Equivalence

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2024-49138 7.8 - High - December 12, 2024

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVE-2024-49109 6.6 - Medium - December 12, 2024

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Remote Desktop Services Remote Code Execution Vulnerability

CVE-2024-49108 8.1 - High - December 12, 2024

Windows Remote Desktop Services Remote Code Execution Vulnerability

Race Condition

WmsRepair Service Elevation of Privilege Vulnerability

CVE-2024-49107 7.3 - High - December 12, 2024

WmsRepair Service Elevation of Privilege Vulnerability

insecure temporary file

Windows Remote Desktop Services Remote Code Execution Vulnerability

CVE-2024-49106 8.1 - High - December 12, 2024

Windows Remote Desktop Services Remote Code Execution Vulnerability

Race Condition

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2024-49105 8.4 - High - December 12, 2024

Remote Desktop Client Remote Code Execution Vulnerability

Authorization

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-49104 8.8 - High - December 12, 2024

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

CVE-2024-49103 4.3 - Medium - December 12, 2024

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

Out-of-bounds Read

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-49102 8.8 - High - December 12, 2024

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVE-2024-49101 6.6 - Medium - December 12, 2024

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

CVE-2024-49099 4.3 - Medium - December 12, 2024

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

Out-of-bounds Read

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

CVE-2024-49098 4.3 - Medium - December 12, 2024

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

Out-of-bounds Read

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

CVE-2024-49097 7 - High - December 12, 2024

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Race Condition

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2024-49096 7.5 - High - December 12, 2024

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Resource Exhaustion

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

CVE-2024-49095 7 - High - December 12, 2024

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Race Condition

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVE-2024-49094 6.6 - Medium - December 12, 2024

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

CVE-2024-49093 8.8 - High - December 12, 2024

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Incorrect Conversion between Numeric Types

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVE-2024-49092 6.8 - Medium - December 12, 2024

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Domain Name Service Remote Code Execution Vulnerability

CVE-2024-49091 7.2 - High - December 12, 2024

Windows Domain Name Service Remote Code Execution Vulnerability

Sensitive Data Storage in Improperly Locked Memory

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2024-49090 7.8 - High - December 12, 2024

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Untrusted Pointer Dereference

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-49089 7.2 - High - December 12, 2024

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2024-49088 7.8 - High - December 12, 2024

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Buffer Over-read

Windows Mobile Broadband Driver Information Disclosure Vulnerability

CVE-2024-49087 4.6 - Medium - December 12, 2024

Windows Mobile Broadband Driver Information Disclosure Vulnerability

Improper Input Validation

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-49086 8.8 - High - December 12, 2024

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-49085 8.8 - High - December 12, 2024

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-49084 7 - High - December 12, 2024

Windows Kernel Elevation of Privilege Vulnerability

Race Condition

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVE-2024-49083 6.8 - Medium - December 12, 2024

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows File Explorer Information Disclosure Vulnerability

CVE-2024-49082 6.8 - Medium - December 12, 2024

Windows File Explorer Information Disclosure Vulnerability

Directory traversal

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVE-2024-49081 6.6 - Medium - December 12, 2024

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows IP Routing Management Snapin Remote Code Execution Vulnerability

CVE-2024-49080 8.8 - High - December 12, 2024

Windows IP Routing Management Snapin Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Input Method Editor (IME) Remote Code Execution Vulnerability

CVE-2024-49079 7.8 - High - December 12, 2024

Input Method Editor (IME) Remote Code Execution Vulnerability

Dangling pointer

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVE-2024-49078 6.8 - Medium - December 12, 2024

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVE-2024-49077 6.8 - Medium - December 12, 2024

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

CVE-2024-49076 7.8 - High - December 12, 2024

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

authentification

Windows Remote Desktop Services Denial of Service Vulnerability

CVE-2024-49075 7.5 - High - December 12, 2024

Windows Remote Desktop Services Denial of Service Vulnerability

Resource Exhaustion

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVE-2024-49073 6.8 - Medium - December 12, 2024

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

Improper Input Validation

Windows Task Scheduler Elevation of Privilege Vulnerability

CVE-2024-49072 7.8 - High - December 12, 2024

Windows Task Scheduler Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows Remote Desktop Services Remote Code Execution Vulnerability

CVE-2024-49132 8.1 - High - December 12, 2024

Windows Remote Desktop Services Remote Code Execution Vulnerability

Race Condition

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

CVE-2024-49129 7.5 - High - December 12, 2024

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Race Condition

Windows Remote Desktop Services Remote Code Execution Vulnerability

CVE-2024-49128 8.1 - High - December 12, 2024

Windows Remote Desktop Services Remote Code Execution Vulnerability

Race Condition

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVE-2024-49127 8.1 - High - December 12, 2024

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Race Condition

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

CVE-2024-49126 8.1 - High - December 12, 2024

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

Race Condition

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-49125 8.8 - High - December 12, 2024

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

CVE-2024-49124 8.1 - High - December 12, 2024

Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

Race Condition

Windows Remote Desktop Services Remote Code Execution Vulnerability

CVE-2024-49123 8.1 - High - December 12, 2024

Windows Remote Desktop Services Remote Code Execution Vulnerability

Race Condition

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2024-49122 8.1 - High - December 12, 2024

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Race Condition

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

CVE-2024-49121 7.5 - High - December 12, 2024

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

NULL Pointer Dereference

Windows Remote Desktop Services Remote Code Execution Vulnerability

CVE-2024-49120 8.1 - High - December 12, 2024

Windows Remote Desktop Services Remote Code Execution Vulnerability

Race Condition

Windows Remote Desktop Services Remote Code Execution Vulnerability

CVE-2024-49119 8.1 - High - December 12, 2024

Windows Remote Desktop Services Remote Code Execution Vulnerability

Race Condition

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2024-49118 8.1 - High - December 12, 2024

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Race Condition

Windows Hyper-V Remote Code Execution Vulnerability