Microsoft Windows Server 2025 (Server Core Installation)
1207 CVEs affecting Microsoft Windows Server 2025 (Server Core Installation). Latest disclosed: 2026-05-20. Critical: 15, High: 847.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-49708 | Critical | 9.9 | 2025-10-14 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network. |
CVE-2026-41096 | Critical | 9.8 | 2026-05-12 | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. |
CVE-2026-41089 | Critical | 9.8 | 2026-05-12 | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. |
CVE-2026-33824 | Critical | 9.8 | 2026-04-14 | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. |
CVE-2025-60724 | Critical | 9.8 | 2025-11-11 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
CVE-2025-59287 | Critical | 9.8 | 2025-10-14 | Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network. |
CVE-2025-53766 | Critical | 9.8 | 2025-08-12 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
CVE-2025-50165 | Critical | 9.8 | 2025-08-12 | Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
CVE-2025-47981 | Critical | 9.8 | 2025-07-08 | Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. |
CVE-2025-21311 | Critical | 9.8 | 2025-01-14 | Windows NTLM V1 Elevation of Privilege Vulnerability |
CVE-2025-21307 | Critical | 9.8 | 2025-01-14 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
CVE-2025-21298 | Critical | 9.8 | 2025-01-14 | Windows OLE Remote Code Execution Vulnerability |
CVE-2024-49112 | Critical | 9.8 | 2024-12-10 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
CVE-2024-43639 | Critical | 9.8 | 2024-11-12 | Windows KDC Proxy Remote Code Execution Vulnerability |
CVE-2025-50171 | Critical | 9.1 | 2025-08-12 | Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network. |
CVE-2026-40403 | High | 8.8 | 2026-05-12 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. |
CVE-2026-34329 | High | 8.8 | 2026-05-12 | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. |
CVE-2026-32157 | High | 8.8 | 2026-04-14 | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
CVE-2026-32225 | High | 8.8 | 2026-04-14 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. |
CVE-2026-26178 | High | 8.8 | 2026-04-14 | Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally. |