Microsoft Windows 11 Version 25h2
512 CVEs affecting Microsoft Windows 11 Version 25h2. Latest disclosed: 2026-05-20. Critical: 4, High: 387.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-49708 | Critical | 9.9 | 2025-10-14 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-41096 | Critical | 9.8 | 2026-05-12 | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. |
| CVE-2026-33824 | Critical | 9.8 | 2026-04-14 | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. |
| CVE-2025-60724 | Critical | 9.8 | 2025-11-11 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
| CVE-2026-40403 | High | 8.8 | 2026-05-12 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. |
| CVE-2026-34329 | High | 8.8 | 2026-05-12 | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. |
| CVE-2026-32157 | High | 8.8 | 2026-04-14 | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| CVE-2026-32225 | High | 8.8 | 2026-04-14 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2026-26178 | High | 8.8 | 2026-04-14 | Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally. |
| CVE-2026-26167 | High | 8.8 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elev… |
| CVE-2026-25188 | High | 8.8 | 2026-03-10 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network. |
| CVE-2026-25177 | High | 8.8 | 2026-03-10 | Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a netw… |
| CVE-2026-24283 | High | 8.8 | 2026-03-10 | Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally. |
| CVE-2026-23669 | High | 8.8 | 2026-03-10 | Use after free in RPC Runtime allows an authorized attacker to execute code over a network. |
| CVE-2026-21255 | High | 8.8 | 2026-02-10 | Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. |
| CVE-2026-21510 | High | 8.8 | 2026-02-10 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2026-21513 | High | 8.8 | 2026-02-10 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2026-20868 | High | 8.8 | 2026-01-13 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-64678 | High | 8.8 | 2025-12-09 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-62549 | High | 8.8 | 2025-12-09 | Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |