Microsoft Windows Server 2025
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Windows Server 2025.
By the Year
In 2025 there have been 169 vulnerabilities in Microsoft Windows Server 2025 with an average score of 7.2 out of ten. Last year, in 2024 Windows Server 2025 had 90 security vulnerabilities published. That is, 79 more vulnerabilities have already been reported in 2025 as compared to last year. Last year, the average CVE base score was greater by 0.35
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 169 | 7.25 |
| 2024 | 90 | 7.59 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Windows Server 2025 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows Server 2025 Security Vulnerabilities
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine
CVE-2025-30397
7.5 - High
- May 13, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
Object Type Confusion
Use after free in Windows DWM
CVE-2025-30400
7.8 - High
- May 13, 2025
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
Dangling pointer
Use after free in Windows Common Log File System Driver
CVE-2025-32701
7.8 - High
- May 13, 2025
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Dangling pointer
Improper input validation in Windows Common Log File System Driver
CVE-2025-32706
7.8 - High
- May 13, 2025
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Improper Input Validation
Use after free in Windows Ancillary Function Driver for WinSock
CVE-2025-32709
7.8 - High
- May 13, 2025
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Use after free in Windows Common Log File System Driver
CVE-2025-29824
7.8 - High
- April 08, 2025
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Dangling pointer
External control of file name or path in Windows NTLM
CVE-2025-24054
5.4 - Medium
- March 11, 2025
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
External Control of File Name or Path
Integer overflow or wraparound in Windows Fast FAT Driver
CVE-2025-24985
7.8 - High
- March 11, 2025
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
Integer Overflow or Wraparound
Insertion of sensitive information into log file in Windows NTFS
CVE-2025-24984
4.6 - Medium
- March 11, 2025
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
Insertion of Sensitive Information into Log File
Out-of-bounds read in Windows NTFS
CVE-2025-24991
5.5 - Medium
- March 11, 2025
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Heap-based buffer overflow in Windows NTFS
CVE-2025-24993
7.8 - High
- March 11, 2025
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Improper neutralization in Microsoft Management Console
CVE-2025-26633
7 - High
- March 11, 2025
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
Improper Neutralization
Windows Core Messaging Elevation of Privileges Vulnerability
CVE-2025-21184
7 - High
- February 11, 2025
Windows Core Messaging Elevation of Privileges Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21190
8.8 - High
- February 11, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21200
8.8 - High
- February 11, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Server Remote Code Execution Vulnerability
CVE-2025-21201
8.8 - High
- February 11, 2025
Windows Telephony Server Remote Code Execution Vulnerability
Double-free
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-21208
8.8 - High
- February 11, 2025
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Internet Connection Sharing (ICS) Denial of Service Vulnerability
CVE-2025-21212
6.5 - Medium
- February 11, 2025
Internet Connection Sharing (ICS) Denial of Service Vulnerability
Out-of-bounds Read
Internet Connection Sharing (ICS) Denial of Service Vulnerability
CVE-2025-21216
6.5 - Medium
- February 11, 2025
Internet Connection Sharing (ICS) Denial of Service Vulnerability
Out-of-bounds Read
Internet Connection Sharing (ICS) Denial of Service Vulnerability
CVE-2025-21254
6.5 - Medium
- February 11, 2025
Internet Connection Sharing (ICS) Denial of Service Vulnerability
Out-of-bounds Read
Windows NTFS Elevation of Privilege Vulnerability
CVE-2025-21337
3.3 - Low
- February 11, 2025
Windows NTFS Elevation of Privilege Vulnerability
Authorization
Windows Deployment Services Denial of Service Vulnerability
CVE-2025-21347
6 - Medium
- February 11, 2025
Windows Deployment Services Denial of Service Vulnerability
insecure temporary file
Windows Remote Desktop Configuration Service Tampering Vulnerability
CVE-2025-21349
6.8 - Medium
- February 11, 2025
Windows Remote Desktop Configuration Service Tampering Vulnerability
authentification
Windows Kerberos Denial of Service Vulnerability
CVE-2025-21350
5.9 - Medium
- February 11, 2025
Windows Kerberos Denial of Service Vulnerability
Improper Input Validation
Microsoft Digest Authentication Remote Code Execution Vulnerability
CVE-2025-21368
8.8 - High
- February 11, 2025
Microsoft Digest Authentication Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
CVE-2025-21183
7.4 - High
- February 11, 2025
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
Double-free
Microsoft Digest Authentication Remote Code Execution Vulnerability
CVE-2025-21369
8.8 - High
- February 11, 2025
Microsoft Digest Authentication Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21371
8.8 - High
- February 11, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21373
7.8 - High
- February 11, 2025
Windows Installer Elevation of Privilege Vulnerability
insecure temporary file
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2025-21375
7.8 - High
- February 11, 2025
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Improper Input Validation
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2025-21376
8.1 - High
- February 11, 2025
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Race Condition
DHCP Client Service Denial of Service Vulnerability
CVE-2025-21179
4.8 - Medium
- February 11, 2025
DHCP Client Service Denial of Service Vulnerability
Out-of-bounds Read
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21181
7.5 - High
- February 11, 2025
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Resource Exhaustion
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
CVE-2025-21182
7.4 - High
- February 11, 2025
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
Double-free
NTLM Hash Disclosure Spoofing Vulnerability
CVE-2025-21377
6.5 - Medium
- February 11, 2025
NTLM Hash Disclosure Spoofing Vulnerability
External Control of File Name or Path
DHCP Client Service Remote Code Execution Vulnerability
CVE-2025-21379
7.1 - High
- February 11, 2025
DHCP Client Service Remote Code Execution Vulnerability
Dangling pointer
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21406
8.8 - High
- February 11, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Dangling pointer
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21407
8.8 - High
- February 11, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-21410
8.8 - High
- February 11, 2025
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Core Messaging Elevation of Privileges Vulnerability
CVE-2025-21414
7 - High
- February 11, 2025
Windows Core Messaging Elevation of Privileges Vulnerability
Heap-based Buffer Overflow
Windows Setup Files Cleanup Elevation of Privilege Vulnerability
CVE-2025-21419
7.1 - High
- February 11, 2025
Windows Setup Files Cleanup Elevation of Privilege Vulnerability
insecure temporary file
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
CVE-2025-21420
7.8 - High
- February 11, 2025
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
insecure temporary file
Windows Storage Elevation of Privilege Vulnerability
CVE-2025-21391
7.1 - High
- February 11, 2025
Windows Storage Elevation of Privilege Vulnerability
insecure temporary file
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-21418
7.8 - High
- February 11, 2025
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Heap-based Buffer Overflow
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2025-21325
7.8 - High
- January 17, 2025
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Incorrect Permission Assignment for Critical Resource
Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-21372
7.8 - High
- January 14, 2025
Microsoft Brokering File System Elevation of Privilege Vulnerability
Dangling pointer
Windows CSC Service Information Disclosure Vulnerability
CVE-2025-21374
5.5 - Medium
- January 14, 2025
Windows CSC Service Information Disclosure Vulnerability
Out-of-bounds Read
Windows CSC Service Elevation of Privilege Vulnerability
CVE-2025-21378
7.8 - High
- January 14, 2025
Windows CSC Service Elevation of Privilege Vulnerability
Heap-based Buffer Overflow
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-21382
7.8 - High
- January 14, 2025
Windows Graphics Component Elevation of Privilege Vulnerability
Integer Overflow or Wraparound
Windows upnphost.dll Denial of Service Vulnerability
CVE-2025-21389
7.5 - High
- January 14, 2025
Windows upnphost.dll Denial of Service Vulnerability
Resource Exhaustion
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21409
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21411
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21413
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21417
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21297
8.1 - High
- January 14, 2025
Windows Remote Desktop Services Remote Code Execution Vulnerability
Dangling pointer
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21302
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
BranchCache Remote Code Execution Vulnerability
CVE-2025-21296
7.5 - High
- January 14, 2025
BranchCache Remote Code Execution Vulnerability
Dangling pointer
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-21295
8.1 - High
- January 14, 2025
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
Dangling pointer
Microsoft Digest Authentication Remote Code Execution Vulnerability
CVE-2025-21294
8.1 - High
- January 14, 2025
Microsoft Digest Authentication Remote Code Execution Vulnerability
Sensitive Data Storage in Improperly Locked Memory
Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2025-21293
8.8 - High
- January 14, 2025
Active Directory Domain Services Elevation of Privilege Vulnerability
Authorization
Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21292
8.8 - High
- January 14, 2025
Windows Search Service Elevation of Privilege Vulnerability
Code Injection
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21290
7.5 - High
- January 14, 2025
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Resource Exhaustion
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21289
7.5 - High
- January 14, 2025
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Resource Exhaustion
Windows COM Server Information Disclosure Vulnerability
CVE-2025-21288
6.5 - Medium
- January 14, 2025
Windows COM Server Information Disclosure Vulnerability
Use of Uninitialized Resource
Windows Installer Elevation of Privilege Vulnerability
CVE-2025-21287
7.8 - High
- January 14, 2025
Windows Installer Elevation of Privilege Vulnerability
Improper Privilege Management
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21286
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21285
7.5 - High
- January 14, 2025
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
NULL Pointer Dereference
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21252
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21251
7.5 - High
- January 14, 2025
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Resource Exhaustion
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21250
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21249
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21248
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21246
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Out-of-bounds Read
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21245
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Out-of-bounds Read
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21244
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21243
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Windows Kerberos Information Disclosure Vulnerability
CVE-2025-21242
5.9 - Medium
- January 14, 2025
Windows Kerberos Information Disclosure Vulnerability
Information Disclosure
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21241
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21240
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21239
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21238
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21237
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21236
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21235
7.8 - High
- January 14, 2025
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Improper Input Validation
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-21234
7.8 - High
- January 14, 2025
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Improper Input Validation
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21233
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21232
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
Windows SmartScreen Spoofing Vulnerability
CVE-2025-21314
6.5 - Medium
- January 14, 2025
Windows SmartScreen Spoofing Vulnerability
User Interface (UI) Misrepresentation of Critical Information
Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2025-21284
5.5 - Medium
- January 14, 2025
Windows Virtual Trusted Platform Module Denial of Service Vulnerability
Improper Input Validation
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21282
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-21225
5.9 - Medium
- January 14, 2025
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Object Type Confusion
Windows Kerberos Denial of Service Vulnerability
CVE-2025-21218
7.5 - High
- January 14, 2025
Windows Kerberos Denial of Service Vulnerability
Resource Exhaustion
MapUrlToZone Security Feature Bypass Vulnerability
CVE-2025-21219
4.3 - Medium
- January 14, 2025
MapUrlToZone Security Feature Bypass Vulnerability
Improper Resolution of Path Equivalence
Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2025-21220
7.5 - High
- January 14, 2025
Microsoft Message Queuing Information Disclosure Vulnerability
Use of Uninitialized Resource
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21223
8.8 - High
- January 14, 2025
Windows Telephony Service Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2025-21224
8.1 - High
- January 14, 2025
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
Dangling pointer
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21227
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21229
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21228
6.6 - Medium
- January 14, 2025
Windows Digital Media Elevation of Privilege Vulnerability
Out-of-bounds Read
Windows NTLM Spoofing Vulnerability
CVE-2025-21217
6.5 - Medium
- January 14, 2025
Windows NTLM Spoofing Vulnerability
Protection Mechanism Failure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2025 or by Microsoft? Click the Watch button to subscribe.
