Microsoft Windows Server 2025
By the Year
In 2025 there have been 354 vulnerabilities in Microsoft Windows Server 2025, with an average score of 7.2 out of ten. Last year, in 2024, Windows Server 2025 had 90 security vulnerabilities published. That is, 264 more vulnerabilities have already been reported in 2025 than last year. Last year, the average CVE base score was greater by 0.37.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 354 | 7.23 |
2024 | 90 | 7.59 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Windows Server 2025 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows Server 2025 Security Vulnerabilities
Exposure of sensitive information to an unauthorized actor in Windows Hello
CVE-2025-47969
4.4 - Medium
- June 10, 2025
Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.
Information Disclosure
Improper privilege management in Windows Remote Access Connection Manager
CVE-2025-47955
7.8 - High
- June 10, 2025
Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Improper Privilege Management
Improper access control in Windows SMB
CVE-2025-33073
8.8 - High
- June 10, 2025
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
Authorization
Protection mechanism failure in Windows Shell
CVE-2025-47160
5.4 - Medium
- June 10, 2025
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Protection Mechanism Failure
Improper link resolution before file access ('link following') in Windows Installer
CVE-2025-33075
7.8 - High
- June 10, 2025
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
insecure temporary file
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33059
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Improper verification of cryptographic signature in App Control for Business (WDAC)
CVE-2025-33069
5.1 - Medium
- June 10, 2025
Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally.
Improper Verification of Cryptographic Signature
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service
CVE-2025-33068
7.5 - High
- June 10, 2025
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
Resource Exhaustion
Improper privilege management in Windows Kernel
CVE-2025-33067
8.4 - High
- June 10, 2025
Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
Improper Privilege Management
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS)
CVE-2025-33066
8.8 - High
- June 10, 2025
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33058
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33055
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-32720
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-32719
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS)
CVE-2025-33064
8.8 - High
- June 10, 2025
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Heap-based Buffer Overflow
Null pointer dereference in Windows Local Security Authority (LSA)
CVE-2025-33057
6.5 - Medium
- June 10, 2025
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
NULL Pointer Dereference
Improper access control in Microsoft Local Security Authority Server (lsasrv)
CVE-2025-33056
7.5 - High
- June 10, 2025
Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.
Authorization
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33060
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33061
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33062
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33063
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33065
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Use of uninitialized resource in Windows Netlogon
CVE-2025-33070
8.1 - High
- June 10, 2025
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
Use of Uninitialized Resource
Use after free in Windows KDC Proxy Service (KPSSVC)
CVE-2025-33071
8.1 - High
- June 10, 2025
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
Dangling pointer
External control of file name or path in Internet Shortcut Files
CVE-2025-33053
8.8 - High
- June 10, 2025
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
External Control of File Name or Path
Use of uninitialized resource in Windows DWM Core Library
CVE-2025-33052
5.5 - Medium
- June 10, 2025
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Use of Uninitialized Resource
Protection mechanism failure in Windows DHCP Server
CVE-2025-33050
7.5 - High
- June 10, 2025
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
Protection Mechanism Failure
Protection mechanism failure in Windows DHCP Server
CVE-2025-32725
7.5 - High
- June 10, 2025
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
Protection Mechanism Failure
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS)
CVE-2025-32724
7.5 - High
- June 10, 2025
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
Resource Exhaustion
Improper access control in Windows Storage Port Driver
CVE-2025-32722
5.5 - Medium
- June 10, 2025
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.
Authorization
Improper link resolution before file access ('link following') in Windows Recovery Driver
CVE-2025-32721
7.3 - High
- June 10, 2025
Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.
insecure temporary file
Use after free in Windows Win32K - GRFX
CVE-2025-32712
7.8 - High
- June 10, 2025
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Dangling pointer
Integer overflow or wraparound in Windows SMB
CVE-2025-32718
7.8 - High
- June 10, 2025
Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.
Integer Overflow or Wraparound
Heap-based buffer overflow in Windows Common Log File System Driver
CVE-2025-32713
7.8 - High
- June 10, 2025
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Use after free in Windows Remote Desktop Services
CVE-2025-32710
8.1 - High
- June 10, 2025
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
Race Condition
Missing release of memory after effective lifetime in Windows Cryptographic Services
CVE-2025-29828
8.1 - High
- June 10, 2025
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.
Memory Leak
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-24069
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-24065
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Buffer over-read in Windows Storage Management Provider
CVE-2025-24068
5.5 - Medium
- June 10, 2025
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Buffer Over-read
Out-of-bounds read in Remote Desktop Client
CVE-2025-32715
6.5 - Medium
- June 10, 2025
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Improper access control in Windows Installer
CVE-2025-32714
7.8 - High
- June 10, 2025
Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.
Authorization
Use after free in Windows Ancillary Function Driver for WinSock
CVE-2025-32709
7.8 - High
- May 13, 2025
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Use after free in Windows Common Log File System Driver
CVE-2025-30385
7.8 - High
- May 13, 2025
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Dangling pointer
Heap-based buffer overflow in Windows Win32K - GRFX
CVE-2025-30388
7.8 - High
- May 13, 2025
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Memory Corruption
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service
CVE-2025-30394
5.9 - Medium
- May 13, 2025
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
Race Condition
Improper input validation in Windows Common Log File System Driver
CVE-2025-32706
7.8 - High
- May 13, 2025
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Improper Input Validation
Use after free in Windows DWM
CVE-2025-30400
7.8 - High
- May 13, 2025
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
Dangling pointer
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine
CVE-2025-30397
7.5 - High
- May 13, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
Object Type Confusion
Use after free in Windows Common Log File System Driver
CVE-2025-32701
7.8 - High
- May 13, 2025
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Dangling pointer
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS)
CVE-2025-29832
6.5 - Medium
- May 13, 2025
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
