Windows
Monthly
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
A privilege escalation vulnerability in Double free in Windows SSDP Service (CVSS 7.0) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-26636 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
CVE-2025-42979 is a security vulnerability (CVSS 5.6). Remediation should follow standard vulnerability management procedures.
A remote code execution vulnerability in Dradis through 4.16.0 (CVSS 4.1). Remediation should follow standard vulnerability management procedures.
ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via well-known deserialization techniques inherent in the technology. Because the services run with SYSTEM-level rights, exploits can be crafted to achieve escalation of privilege and arbitrary code execution. This affects DataGate for SQL Server 17.0.36.0 and 16.0.89.0, DataGate Component Suite 17.0.36.0 and 16.0.89.0, DataGate Monitor 17.0.26.0 and 16.0.65.0, DataGate WebPak 17.0.37.0 and 16.0.90.0, Monarch for .NET 11.4.50.0 and 10.0.62.0, Encore RPG 4.1.36.0, Visual RPG .NET FW 17.0.37.0 and 16.0.90.0, Visual RPG .NET FW Windows Deployment 17.0.36.0 and 16.0.89.0, WingsRPG 11.0.38.0 and 10.0.95.0, Mobile RPG 11.0.35.0 and 10.0.94.0, Monarch Framework for .NET FW 11.0.36.0 and 10.0.89.0, Browser Terminal 17.0.37.0 and 16.0.90.0, Visual RPG Classic 5.2.7.0 and 5.1.17.0, Visual RPG Deployment 5.2.7.0 and 5.1.17.0, and DataGate Studio 17.0.38.0 and 16.0.104.0.
During startup, the device automatically logs in the EPC2 Windows user without requesting a password.
The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker can read from and write to all files on the hard drives.
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
A remote code execution vulnerability in Electron (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.
CVE-2025-49797 is a privilege escalation vulnerability in multiple Brother device driver installers for Windows that allows a local attacker with limited user privileges to execute arbitrary code with administrative rights without user interaction. The vulnerability affects various Brother printer and multifunction device driver packages across multiple versions. While the CVSS score of 7.8 indicates significant severity, real-world exploitability depends on whether an attacker has local access to a system during driver installation or can manipulate installer processes.
CVE-2025-41255 is a security vulnerability (CVSS 8.0). High severity vulnerability requiring prompt remediation.
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-36537 is a local privilege escalation vulnerability in TeamViewer Client (Full and Host) and Tensor prior to version 15.67 on Windows that allows an unprivileged local user to delete arbitrary files with SYSTEM privileges by exploiting improper permission assignment in the MSI rollback mechanism. The vulnerability is limited to Remote Management features (Backup, Monitoring, and Patch Management), has a CVSS score of 7.0, and requires local access with medium attack complexity but no user interaction. This vulnerability represents a significant elevation-of-privilege risk for organizations relying on TeamViewer for remote management.
CVE-2025-6513 is a local privilege escalation vulnerability in the BRAIN2 application where standard Windows users can access and decrypt the application's database configuration file without authentication. This allows unprivileged local users to obtain database credentials and potentially compromise sensitive data, with a CVSS score of 9.3 indicating critical severity. The vulnerability affects system confidentiality, integrity, and availability across trust boundaries.
Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2.
CVE-2022-49976 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
CVE-2022-49963 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer) that exploits insecure link following to allow a low-privileged local attacker to delete privileged Trend Micro files, potentially compromising the security product's integrity. With a CVSS score of 7.8 and low attack complexity (AC:L), this vulnerability poses a significant risk to consumer systems where privilege escalation could disable or corrupt critical security components. No active exploitation (KEV status) or public POC has been reported at this time, but the low barrier to exploitation (local access with low privileges required) warrants prompt patching.
Local privilege escalation vulnerability in Citrix Workspace app for Windows that allows low-privileged users to gain SYSTEM-level privileges through an improper privilege management flaw (CWE-269). The vulnerability has a CVSS score of 7.8 (High) with low attack complexity and no user interaction required, making it a significant local threat. Status of KEV inclusion, active exploitation, and proof-of-concept availability cannot be confirmed from provided data, but the combination of high CVSS and local attack vector suggests meaningful real-world risk for organizations running Citrix Workspace on Windows endpoints.
Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-privileged user to escalate their privileges to SYSTEM level without user interaction. The vulnerability affects the Citrix Secure Access Client application on Windows systems and represents a critical threat to enterprise environments where this client is deployed, as successful exploitation grants complete system control. The CVSS 7.8 score and confirmed local attack vector indicate this is a material risk for any organization using this software, though exploitation requires prior local access to an affected system.
A security vulnerability in Apache Tomcat installer for Windows (CVSS 8.4). High severity vulnerability requiring prompt remediation.
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrative local user to execute arbitrary code with SYSTEM-level privileges. This is a local privilege escalation (LPE) vulnerability with high severity (CVSS 7.8) requiring only local access and low complexity exploitation. The vulnerability represents a critical risk in multi-user Windows environments where standard users could gain complete system control.
Local privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to arbitrarily delete system files with SYSTEM privileges. This vulnerability has a CVSS score of 8.8 (High) and could enable local attackers to compromise system integrity and gain elevated privileges. The attack requires local access but no user interaction, making it a significant risk for multi-user Windows systems running vulnerable Tenable Agent versions.
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to overwrite arbitrary system files with log content while executing at SYSTEM privilege level. This vulnerability enables local attackers without admin rights to achieve arbitrary file write operations with elevated privileges, potentially leading to system compromise. The vulnerability has a CVSS score of 8.4 (High) and affects Windows deployments; patch availability exists in version 10.8.5 and later.
Remote code execution vulnerability in Acer ControlCenter that exploits a misconfigured Windows Named Pipe to allow authenticated attackers with low privileges to execute arbitrary code with SYSTEM-level permissions. The vulnerability has a CVSS score of 8.8 (High) and requires only network access and low privileges, making it a significant elevation-of-privilege vector; real-world exploitation likelihood depends on confirmation of active KEV listing and public exploit availability.
Command injection vulnerability in Visual Studio that allows an authenticated attacker with local user interaction to execute arbitrary code over a network with high impact on confidentiality, integrity, and availability. While the vulnerability requires prior authorization and user interaction, successful exploitation could lead to complete system compromise. No public indication of active exploitation or widespread POC availability is currently documented, but the CVSS 7.1 score reflects significant risk in collaborative development environments where multiple authorized users access shared Visual Studio instances.
Path traversal vulnerability in Google Web Designer's template handling mechanism that enables remote code execution when users are socially engineered into downloading malicious ad templates. Versions prior to 16.3.0.0407 on Windows are affected, and the vulnerability requires user interaction (UI:R) but has no authentication requirements (PR:N). While CVSS 8.8 indicates high severity with complete confidentiality, integrity, and availability impact, exploitation probability and KEV status information is not provided in the available intelligence.
Privilege escalation vulnerability in UpdateNavi and UpdateNaviInstallService that allows local authenticated attackers to modify arbitrary registry values or execute arbitrary code through improper communication channel restrictions. Affected versions include UpdateNavi V1.4 L10-L33 and UpdateNaviInstallService 1.2.0091-1.2.0125. With a CVSS score of 7.1 and local attack vector requiring low privileges, this vulnerability poses significant risk to systems running vulnerable versions, particularly in scenarios where local user accounts have network access or elevation paths.
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
A security vulnerability in The (CVSS 6.3). Remediation should follow standard vulnerability management procedures.
DLL hijacking vulnerability in ClipShare Server for Windows (versions prior to 3.8.5) that allows local, non-privileged users to achieve arbitrary code execution and potential privilege escalation by placing malicious DLLs in the application directory. The vulnerability exploits Windows' default DLL search order, where the application directory is searched before system paths, and poses a reliable privilege escalation risk when ClipShare is run by elevated users. This is a local attack requiring write access to the installation directory.
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.11.1 and Thunderbird < 139.0.2.
A remote code execution vulnerability in the OSSEC HIDS agent for Windows (CVSS 9.5) that allows an attacker. Critical severity with potential for significant impact on affected systems.
CVE-2024-1243 is an improper input validation vulnerability in Wazuh agent for Windows (versions prior to 4.8.0) that allows attackers with control over the Wazuh server or possession of agent keys to redirect agents to malicious UNC paths, resulting in NetNTLMv2 hash leakage. The leaked hash can be relayed for remote code execution or abused for privilege escalation to SYSTEM level via AD CS certificate forging. This vulnerability represents a critical supply-chain/credential-leakage risk for Windows environments using Wazuh, though exploitation requires elevated privileges (high PR requirement) and knowledge of agent keys or server compromise.
A buffer overflow vulnerability in Heap-based buffer overflow in Microsoft Office Word (CVSS 8.4) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.
Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.
CVE-2025-47962 is an improper access control vulnerability in Windows SDK that allows an authenticated local attacker to escalate privileges without user interaction. The vulnerability affects Windows SDK components and presents a high risk due to its CVSS score of 7.8 (High severity) with high impact on confidentiality, integrity, and availability. While no active exploitation in the wild (KEV status) or public POC has been confirmed at this time, the low attack complexity and requirement for only local user privileges make this a significant priority for Windows environments.
Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high privileges. The vulnerability affects Word processing functionality and requires no user interaction, making it a critical local privilege escalation vector. Without confirmed KEV status or public POC availability, real-world exploitation likelihood should be assessed against EPSS data and patch availability from Microsoft security advisories.
A security vulnerability in External control of file name or path in Windows Security App (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
Privilege escalation vulnerability in Windows Remote Access Connection Manager that allows an authenticated local attacker to elevate privileges to a higher integrity level without user interaction. The vulnerability affects Windows systems with Remote Access Connection Manager enabled and has a CVSS score of 7.8 (High severity). While no active exploitation in the wild has been publicly confirmed at this time, the local attack vector combined with low complexity and no user interaction requirement makes this a significant risk for multi-user or compromised systems where an attacker already has local access.
Local code execution vulnerability in Microsoft Office Outlook triggered by improper path traversal handling (CWE-35) in the '.../...//' sequence. Authorized users with local access can exploit this to execute arbitrary code with the privileges of the Outlook process, achieving high confidentiality, integrity, and availability impact. This vulnerability requires local access and existing user privileges but no user interaction, making it a significant risk for multi-user systems or compromised local accounts.
Heap-based buffer overflow vulnerability in Microsoft Office Excel that allows local attackers to execute arbitrary code with high privileges (confidentiality, integrity, and availability impact). The vulnerability requires user interaction (opening a malicious Excel file) but no special privileges, making it a practical threat to Excel users. With a CVSS score of 7.8 and local attack vector, this represents a significant code execution risk for organizations relying on Excel for document processing.
CVE-2025-47173 is an improper input validation vulnerability in Microsoft Office that allows local code execution without requiring user privileges, though user interaction is needed. An attacker with local access can craft a malicious Office document that, when opened by a user, executes arbitrary code with the privileges of the affected Office application. This vulnerability affects Microsoft Office products across multiple versions and poses a moderate-to-high risk given its local attack vector and high impact on confidentiality, integrity, and availability.
Heap-based buffer overflow vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious document) but no elevated privileges, making it a significant local code execution threat affecting Word users who open untrusted documents.
Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.
Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). An attacker with local access can trigger the vulnerability through user interaction (opening a malicious file) to execute arbitrary code with the privileges of the Excel process, potentially achieving full system compromise. No KEV status, active exploitation data, or public POC availability was confirmed in the provided dataset, but the high CVSS score and local attack vector indicate this requires prompt patching.
Heap-based buffer overflow vulnerability in Microsoft Office that allows unauthenticated local attackers to execute arbitrary code with high privileges. The vulnerability affects Microsoft Office products across multiple versions and requires no user interaction or special privileges to exploit. With a CVSS score of 8.4 and local attack vector, this represents a severe local privilege escalation and code execution risk; exploitation status and real-world activity should be verified against KEV catalogs and EPSS scoring.
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Privilege escalation vulnerability in Windows Installer that exploits improper symlink/junction handling (CWE-59: link following) to allow an authorized local attacker to elevate privileges without user interaction. With a CVSS score of 7.8 and CVSS vector indicating local attack vector with low complexity and no user interaction required, this vulnerability affects Windows Installer across multiple versions. Real-world risk depends on KEV/CISA status and EPSS probability, which should be cross-referenced against active exploitation reports and POC availability.
Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attackers to escalate privileges over the network. KEV-listed with EPSS 57.6% and public PoC, this vulnerability in the core Windows file sharing protocol affects every Windows system on the network, enabling lateral movement from any compromised domain account to SYSTEM-level access on SMB-accessible systems.
Use-after-free memory corruption vulnerability in Windows KDC Proxy Service (KPSSVC) that allows unauthenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects Windows systems running the Kerberos KDC Proxy Service and represents a critical remote code execution risk in Active Directory environments. While specific KEV/POC status and EPSS scores are not provided in the source data, the network attack vector combined with high CVSS 8.1 score and remote code execution capability indicates this is a significant priority for organizations relying on Windows authentication infrastructure.
Use-of-uninitialized-resource vulnerability in Windows Netlogon that allows unauthenticated network attackers to achieve privilege escalation through a complex exploitation path. The vulnerability affects Windows systems running Netlogon services and enables remote code execution with high impact on confidentiality, integrity, and availability. Given the network-based attack vector and lack of authentication requirements, this represents a significant threat to networked Windows environments, though exploitation requires specific conditions (high attack complexity).
Windows Standards-Based Storage Management Service contains an uncontrolled resource consumption vulnerability allowing unauthenticated network attackers to cause denial of service. The service manages storage operations and its disruption affects storage provisioning and management on Windows servers.
Local privilege escalation vulnerability in the Windows Kernel stemming from improper privilege management (CWE-269), allowing an unauthenticated attacker with local system access to escalate privileges without user interaction. This affects multiple Windows versions and has a CVSS 8.4 severity rating indicating high confidentiality, integrity, and availability impact. The vulnerability's low attack complexity (AC:L) and lack of privilege requirements (PR:N) indicate it is relatively straightforward to exploit for any local attacker.
Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows unauthenticated remote attackers to execute arbitrary code over the network with user interaction. This is a critical network-accessible vulnerability affecting Windows systems running RRAS; successful exploitation grants the attacker complete system compromise with high confidentiality, integrity, and availability impact. The CVSS 8.8 score reflects the severity, though real-world exploitation probability and active KEV status would determine if this is actively weaponized.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows authenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. This is a critical vulnerability affecting RRAS implementations across Windows Server and client operating systems; exploitation requires valid credentials but no user interaction, making it suitable for lateral movement and privilege escalation scenarios within compromised networks.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
Network-accessible denial-of-service vulnerability in Microsoft's Local Security Authority Server (lsasrv) caused by improper access control (CWE-284). An unauthenticated remote attacker can exploit this with low complexity to render the LSA service unavailable, affecting authentication and security policy enforcement on affected Windows systems. The CVSS 7.5 severity reflects the high availability impact; however, real-world risk depends on EPSS score, KEV candidacy status, and active exploitation data not provided in the source materials.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Protection mechanism failure in Windows DHCP Server that enables network-based denial-of-service attacks without requiring authentication or user interaction. An attacker can remotely exploit this vulnerability to render DHCP services unavailable, disrupting network connectivity for affected systems. The high CVSS score of 7.5 and network attack vector indicate significant availability impact, though no confidentiality or integrity compromise occurs.
Network-accessible denial-of-service vulnerability in Windows DHCP Server caused by a protection mechanism failure (CWE-693), allowing unauthenticated attackers to exhaust server availability without requiring authentication or user interaction. The vulnerability affects Windows DHCP Server implementations across multiple versions and has a CVSS severity of 7.5 (High). While the description does not explicitly reference KEV inclusion, active exploitation status, or EPSS data, the low attack complexity (AC:L) and network accessibility (AV:N) combined with no authentication requirements indicate this represents a credible denial-of-service threat to DHCP infrastructure.
Windows Local Security Authority Subsystem Service (LSASS) contains an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service. Crashing or degrading LSASS disrupts all authentication and authorization on the affected Windows server, effectively taking the system offline.
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.
Privilege escalation vulnerability in Windows Recovery Driver caused by improper symlink/hardlink resolution (CWE-59: link following) that allows an authenticated local attacker to elevate privileges to SYSTEM level. The vulnerability requires user interaction and local code execution capability but provides complete system compromise once exploited. With a CVSS score of 7.3 and local attack vector, this poses significant risk to multi-user Windows systems, particularly in enterprise environments where standard users have local access.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-32718 is an integer overflow vulnerability in Windows SMB that allows a locally authenticated attacker to achieve privilege escalation with high impact to confidentiality, integrity, and availability. The vulnerability affects Windows operating systems' SMB implementation and has a CVSS score of 7.8 (High) with low attack complexity, making it a significant local privilege escalation risk for multi-user systems and domain environments.
CVE-2025-32716 is an out-of-bounds read vulnerability in Windows Media that allows an authenticated local attacker to achieve privilege escalation on affected systems. The vulnerability has a CVSS score of 7.8 (high severity) due to its impact on confidentiality, integrity, and availability. Without confirmation of KEV status, active exploitation, or public POC availability from the provided data, the real-world risk assessment requires evaluation against the moderate attack complexity (local access required, authenticated user needed).
Local privilege escalation vulnerability in Windows Installer caused by improper access control (CWE-284) that allows an authorized local attacker to elevate privileges without user interaction. The vulnerability affects Windows Installer components across multiple Windows versions and has a CVSS score of 7.8 (High severity). Without confirmation of KEV status or active exploitation data, the high CVSS vector (Low attack complexity, Low privileges required) indicates this represents a significant risk to systems where local user accounts exist.
Heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) Driver that allows local authenticated attackers to achieve privilege escalation with high confidence of exploitation. The vulnerability affects Windows systems with the CLFS driver enabled and requires local access with standard user privileges; successful exploitation grants complete system compromise including code execution at SYSTEM level. While no public POC is confirmed in available intelligence, the straightforward nature of heap overflows and the high CVSS score (7.8) with low attack complexity indicate active research interest and potential for rapid weaponization.
Use-after-free vulnerability in the Windows Win32K graphics subsystem (GRFX component) that allows a locally authenticated attacker to achieve arbitrary code execution and privilege escalation without user interaction. The vulnerability affects Windows systems with affected Win32K versions and carries a CVSS score of 7.8 (high severity). Given the local attack vector requirement and the need for prior authentication, real-world exploitation is constrained to insider threats or attackers who have already achieved initial access; however, the severity of the impact (complete system compromise) makes this a critical priority for patching.
Use-after-free vulnerability in Windows Remote Desktop Services (RDS) that allows unauthenticated network attackers to execute arbitrary code with high complexity requirements. The vulnerability affects Windows systems running RDS and represents a critical remote code execution risk; exploitation requires network access but no user interaction, though attack complexity is rated as high. If this CVE has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, it indicates active exploitation in the wild and should be treated as an immediate priority.
Memory management vulnerability in Windows Cryptographic Services where memory is not properly released after its effective lifetime, enabling unauthenticated remote code execution. The vulnerability affects Windows cryptographic components and allows network-based attackers to execute arbitrary code with high complexity requirements. While the CVSS score of 8.1 indicates significant severity, exploitation requires specific conditions (high attack complexity), and current status regarding KEV listing, EPSS score, and public POC availability is unknown pending official Microsoft advisory release.
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
A privilege escalation vulnerability in Double free in Windows SSDP Service (CVSS 7.0) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-26636 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
CVE-2025-42979 is a security vulnerability (CVSS 5.6). Remediation should follow standard vulnerability management procedures.
A remote code execution vulnerability in Dradis through 4.16.0 (CVSS 4.1). Remediation should follow standard vulnerability management procedures.
ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via well-known deserialization techniques inherent in the technology. Because the services run with SYSTEM-level rights, exploits can be crafted to achieve escalation of privilege and arbitrary code execution. This affects DataGate for SQL Server 17.0.36.0 and 16.0.89.0, DataGate Component Suite 17.0.36.0 and 16.0.89.0, DataGate Monitor 17.0.26.0 and 16.0.65.0, DataGate WebPak 17.0.37.0 and 16.0.90.0, Monarch for .NET 11.4.50.0 and 10.0.62.0, Encore RPG 4.1.36.0, Visual RPG .NET FW 17.0.37.0 and 16.0.90.0, Visual RPG .NET FW Windows Deployment 17.0.36.0 and 16.0.89.0, WingsRPG 11.0.38.0 and 10.0.95.0, Mobile RPG 11.0.35.0 and 10.0.94.0, Monarch Framework for .NET FW 11.0.36.0 and 10.0.89.0, Browser Terminal 17.0.37.0 and 16.0.90.0, Visual RPG Classic 5.2.7.0 and 5.1.17.0, Visual RPG Deployment 5.2.7.0 and 5.1.17.0, and DataGate Studio 17.0.38.0 and 16.0.104.0.
During startup, the device automatically logs in the EPC2 Windows user without requesting a password.
The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker can read from and write to all files on the hard drives.
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
A remote code execution vulnerability in Electron (CVSS 7.8). High severity vulnerability requiring prompt remediation.
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.
CVE-2025-49797 is a privilege escalation vulnerability in multiple Brother device driver installers for Windows that allows a local attacker with limited user privileges to execute arbitrary code with administrative rights without user interaction. The vulnerability affects various Brother printer and multifunction device driver packages across multiple versions. While the CVSS score of 7.8 indicates significant severity, real-world exploitability depends on whether an attacker has local access to a system during driver installation or can manipulate installer processes.
CVE-2025-41255 is a security vulnerability (CVSS 8.0). High severity vulnerability requiring prompt remediation.
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-36537 is a local privilege escalation vulnerability in TeamViewer Client (Full and Host) and Tensor prior to version 15.67 on Windows that allows an unprivileged local user to delete arbitrary files with SYSTEM privileges by exploiting improper permission assignment in the MSI rollback mechanism. The vulnerability is limited to Remote Management features (Backup, Monitoring, and Patch Management), has a CVSS score of 7.0, and requires local access with medium attack complexity but no user interaction. This vulnerability represents a significant elevation-of-privilege risk for organizations relying on TeamViewer for remote management.
CVE-2025-6513 is a local privilege escalation vulnerability in the BRAIN2 application where standard Windows users can access and decrypt the application's database configuration file without authentication. This allows unprivileged local users to obtain database credentials and potentially compromise sensitive data, with a CVSS score of 9.3 indicating critical severity. The vulnerability affects system confidentiality, integrity, and availability across trust boundaries.
Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2.
CVE-2022-49976 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
CVE-2022-49963 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer) that exploits insecure link following to allow a low-privileged local attacker to delete privileged Trend Micro files, potentially compromising the security product's integrity. With a CVSS score of 7.8 and low attack complexity (AC:L), this vulnerability poses a significant risk to consumer systems where privilege escalation could disable or corrupt critical security components. No active exploitation (KEV status) or public POC has been reported at this time, but the low barrier to exploitation (local access with low privileges required) warrants prompt patching.
Local privilege escalation vulnerability in Citrix Workspace app for Windows that allows low-privileged users to gain SYSTEM-level privileges through an improper privilege management flaw (CWE-269). The vulnerability has a CVSS score of 7.8 (High) with low attack complexity and no user interaction required, making it a significant local threat. Status of KEV inclusion, active exploitation, and proof-of-concept availability cannot be confirmed from provided data, but the combination of high CVSS and local attack vector suggests meaningful real-world risk for organizations running Citrix Workspace on Windows endpoints.
Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-privileged user to escalate their privileges to SYSTEM level without user interaction. The vulnerability affects the Citrix Secure Access Client application on Windows systems and represents a critical threat to enterprise environments where this client is deployed, as successful exploitation grants complete system control. The CVSS 7.8 score and confirmed local attack vector indicate this is a material risk for any organization using this software, though exploitation requires prior local access to an affected system.
A security vulnerability in Apache Tomcat installer for Windows (CVSS 8.4). High severity vulnerability requiring prompt remediation.
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrative local user to execute arbitrary code with SYSTEM-level privileges. This is a local privilege escalation (LPE) vulnerability with high severity (CVSS 7.8) requiring only local access and low complexity exploitation. The vulnerability represents a critical risk in multi-user Windows environments where standard users could gain complete system control.
Local privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to arbitrarily delete system files with SYSTEM privileges. This vulnerability has a CVSS score of 8.8 (High) and could enable local attackers to compromise system integrity and gain elevated privileges. The attack requires local access but no user interaction, making it a significant risk for multi-user Windows systems running vulnerable Tenable Agent versions.
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to overwrite arbitrary system files with log content while executing at SYSTEM privilege level. This vulnerability enables local attackers without admin rights to achieve arbitrary file write operations with elevated privileges, potentially leading to system compromise. The vulnerability has a CVSS score of 8.4 (High) and affects Windows deployments; patch availability exists in version 10.8.5 and later.
Remote code execution vulnerability in Acer ControlCenter that exploits a misconfigured Windows Named Pipe to allow authenticated attackers with low privileges to execute arbitrary code with SYSTEM-level permissions. The vulnerability has a CVSS score of 8.8 (High) and requires only network access and low privileges, making it a significant elevation-of-privilege vector; real-world exploitation likelihood depends on confirmation of active KEV listing and public exploit availability.
Command injection vulnerability in Visual Studio that allows an authenticated attacker with local user interaction to execute arbitrary code over a network with high impact on confidentiality, integrity, and availability. While the vulnerability requires prior authorization and user interaction, successful exploitation could lead to complete system compromise. No public indication of active exploitation or widespread POC availability is currently documented, but the CVSS 7.1 score reflects significant risk in collaborative development environments where multiple authorized users access shared Visual Studio instances.
Path traversal vulnerability in Google Web Designer's template handling mechanism that enables remote code execution when users are socially engineered into downloading malicious ad templates. Versions prior to 16.3.0.0407 on Windows are affected, and the vulnerability requires user interaction (UI:R) but has no authentication requirements (PR:N). While CVSS 8.8 indicates high severity with complete confidentiality, integrity, and availability impact, exploitation probability and KEV status information is not provided in the available intelligence.
Privilege escalation vulnerability in UpdateNavi and UpdateNaviInstallService that allows local authenticated attackers to modify arbitrary registry values or execute arbitrary code through improper communication channel restrictions. Affected versions include UpdateNavi V1.4 L10-L33 and UpdateNaviInstallService 1.2.0091-1.2.0125. With a CVSS score of 7.1 and local attack vector requiring low privileges, this vulnerability poses significant risk to systems running vulnerable versions, particularly in scenarios where local user accounts have network access or elevation paths.
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
A security vulnerability in The (CVSS 6.3). Remediation should follow standard vulnerability management procedures.
DLL hijacking vulnerability in ClipShare Server for Windows (versions prior to 3.8.5) that allows local, non-privileged users to achieve arbitrary code execution and potential privilege escalation by placing malicious DLLs in the application directory. The vulnerability exploits Windows' default DLL search order, where the application directory is searched before system paths, and poses a reliable privilege escalation risk when ClipShare is run by elevated users. This is a local attack requiring write access to the installation directory.
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.11.1 and Thunderbird < 139.0.2.
A remote code execution vulnerability in the OSSEC HIDS agent for Windows (CVSS 9.5) that allows an attacker. Critical severity with potential for significant impact on affected systems.
CVE-2024-1243 is an improper input validation vulnerability in Wazuh agent for Windows (versions prior to 4.8.0) that allows attackers with control over the Wazuh server or possession of agent keys to redirect agents to malicious UNC paths, resulting in NetNTLMv2 hash leakage. The leaked hash can be relayed for remote code execution or abused for privilege escalation to SYSTEM level via AD CS certificate forging. This vulnerability represents a critical supply-chain/credential-leakage risk for Windows environments using Wazuh, though exploitation requires elevated privileges (high PR requirement) and knowledge of agent keys or server compromise.
A buffer overflow vulnerability in Heap-based buffer overflow in Microsoft Office Word (CVSS 8.4) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.
Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.
CVE-2025-47962 is an improper access control vulnerability in Windows SDK that allows an authenticated local attacker to escalate privileges without user interaction. The vulnerability affects Windows SDK components and presents a high risk due to its CVSS score of 7.8 (High severity) with high impact on confidentiality, integrity, and availability. While no active exploitation in the wild (KEV status) or public POC has been confirmed at this time, the low attack complexity and requirement for only local user privileges make this a significant priority for Windows environments.
Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high privileges. The vulnerability affects Word processing functionality and requires no user interaction, making it a critical local privilege escalation vector. Without confirmed KEV status or public POC availability, real-world exploitation likelihood should be assessed against EPSS data and patch availability from Microsoft security advisories.
A security vulnerability in External control of file name or path in Windows Security App (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.
Privilege escalation vulnerability in Windows Remote Access Connection Manager that allows an authenticated local attacker to elevate privileges to a higher integrity level without user interaction. The vulnerability affects Windows systems with Remote Access Connection Manager enabled and has a CVSS score of 7.8 (High severity). While no active exploitation in the wild has been publicly confirmed at this time, the local attack vector combined with low complexity and no user interaction requirement makes this a significant risk for multi-user or compromised systems where an attacker already has local access.
Local code execution vulnerability in Microsoft Office Outlook triggered by improper path traversal handling (CWE-35) in the '.../...//' sequence. Authorized users with local access can exploit this to execute arbitrary code with the privileges of the Outlook process, achieving high confidentiality, integrity, and availability impact. This vulnerability requires local access and existing user privileges but no user interaction, making it a significant risk for multi-user systems or compromised local accounts.
Heap-based buffer overflow vulnerability in Microsoft Office Excel that allows local attackers to execute arbitrary code with high privileges (confidentiality, integrity, and availability impact). The vulnerability requires user interaction (opening a malicious Excel file) but no special privileges, making it a practical threat to Excel users. With a CVSS score of 7.8 and local attack vector, this represents a significant code execution risk for organizations relying on Excel for document processing.
CVE-2025-47173 is an improper input validation vulnerability in Microsoft Office that allows local code execution without requiring user privileges, though user interaction is needed. An attacker with local access can craft a malicious Office document that, when opened by a user, executes arbitrary code with the privileges of the affected Office application. This vulnerability affects Microsoft Office products across multiple versions and poses a moderate-to-high risk given its local attack vector and high impact on confidentiality, integrity, and availability.
Heap-based buffer overflow vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious document) but no elevated privileges, making it a significant local code execution threat affecting Word users who open untrusted documents.
Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.
Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). An attacker with local access can trigger the vulnerability through user interaction (opening a malicious file) to execute arbitrary code with the privileges of the Excel process, potentially achieving full system compromise. No KEV status, active exploitation data, or public POC availability was confirmed in the provided dataset, but the high CVSS score and local attack vector indicate this requires prompt patching.
Heap-based buffer overflow vulnerability in Microsoft Office that allows unauthenticated local attackers to execute arbitrary code with high privileges. The vulnerability affects Microsoft Office products across multiple versions and requires no user interaction or special privileges to exploit. With a CVSS score of 8.4 and local attack vector, this represents a severe local privilege escalation and code execution risk; exploitation status and real-world activity should be verified against KEV catalogs and EPSS scoring.
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Privilege escalation vulnerability in Windows Installer that exploits improper symlink/junction handling (CWE-59: link following) to allow an authorized local attacker to elevate privileges without user interaction. With a CVSS score of 7.8 and CVSS vector indicating local attack vector with low complexity and no user interaction required, this vulnerability affects Windows Installer across multiple versions. Real-world risk depends on KEV/CISA status and EPSS probability, which should be cross-referenced against active exploitation reports and POC availability.
Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attackers to escalate privileges over the network. KEV-listed with EPSS 57.6% and public PoC, this vulnerability in the core Windows file sharing protocol affects every Windows system on the network, enabling lateral movement from any compromised domain account to SYSTEM-level access on SMB-accessible systems.
Use-after-free memory corruption vulnerability in Windows KDC Proxy Service (KPSSVC) that allows unauthenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects Windows systems running the Kerberos KDC Proxy Service and represents a critical remote code execution risk in Active Directory environments. While specific KEV/POC status and EPSS scores are not provided in the source data, the network attack vector combined with high CVSS 8.1 score and remote code execution capability indicates this is a significant priority for organizations relying on Windows authentication infrastructure.
Use-of-uninitialized-resource vulnerability in Windows Netlogon that allows unauthenticated network attackers to achieve privilege escalation through a complex exploitation path. The vulnerability affects Windows systems running Netlogon services and enables remote code execution with high impact on confidentiality, integrity, and availability. Given the network-based attack vector and lack of authentication requirements, this represents a significant threat to networked Windows environments, though exploitation requires specific conditions (high attack complexity).
Windows Standards-Based Storage Management Service contains an uncontrolled resource consumption vulnerability allowing unauthenticated network attackers to cause denial of service. The service manages storage operations and its disruption affects storage provisioning and management on Windows servers.
Local privilege escalation vulnerability in the Windows Kernel stemming from improper privilege management (CWE-269), allowing an unauthenticated attacker with local system access to escalate privileges without user interaction. This affects multiple Windows versions and has a CVSS 8.4 severity rating indicating high confidentiality, integrity, and availability impact. The vulnerability's low attack complexity (AC:L) and lack of privilege requirements (PR:N) indicate it is relatively straightforward to exploit for any local attacker.
Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows unauthenticated remote attackers to execute arbitrary code over the network with user interaction. This is a critical network-accessible vulnerability affecting Windows systems running RRAS; successful exploitation grants the attacker complete system compromise with high confidentiality, integrity, and availability impact. The CVSS 8.8 score reflects the severity, though real-world exploitation probability and active KEV status would determine if this is actively weaponized.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) that allows authenticated network attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. This is a critical vulnerability affecting RRAS implementations across Windows Server and client operating systems; exploitation requires valid credentials but no user interaction, making it suitable for lateral movement and privilege escalation scenarios within compromised networks.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
Network-accessible denial-of-service vulnerability in Microsoft's Local Security Authority Server (lsasrv) caused by improper access control (CWE-284). An unauthenticated remote attacker can exploit this with low complexity to render the LSA service unavailable, affecting authentication and security policy enforcement on affected Windows systems. The CVSS 7.5 severity reflects the high availability impact; however, real-world risk depends on EPSS score, KEV candidacy status, and active exploitation data not provided in the source materials.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
Protection mechanism failure in Windows DHCP Server that enables network-based denial-of-service attacks without requiring authentication or user interaction. An attacker can remotely exploit this vulnerability to render DHCP services unavailable, disrupting network connectivity for affected systems. The high CVSS score of 7.5 and network attack vector indicate significant availability impact, though no confidentiality or integrity compromise occurs.
Network-accessible denial-of-service vulnerability in Windows DHCP Server caused by a protection mechanism failure (CWE-693), allowing unauthenticated attackers to exhaust server availability without requiring authentication or user interaction. The vulnerability affects Windows DHCP Server implementations across multiple versions and has a CVSS severity of 7.5 (High). While the description does not explicitly reference KEV inclusion, active exploitation status, or EPSS data, the low attack complexity (AC:L) and network accessibility (AV:N) combined with no authentication requirements indicate this represents a credible denial-of-service threat to DHCP infrastructure.
Windows Local Security Authority Subsystem Service (LSASS) contains an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service. Crashing or degrading LSASS disrupts all authentication and authorization on the affected Windows server, effectively taking the system offline.
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.
Privilege escalation vulnerability in Windows Recovery Driver caused by improper symlink/hardlink resolution (CWE-59: link following) that allows an authenticated local attacker to elevate privileges to SYSTEM level. The vulnerability requires user interaction and local code execution capability but provides complete system compromise once exploited. With a CVSS score of 7.3 and local attack vector, this poses significant risk to multi-user Windows systems, particularly in enterprise environments where standard users have local access.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-32718 is an integer overflow vulnerability in Windows SMB that allows a locally authenticated attacker to achieve privilege escalation with high impact to confidentiality, integrity, and availability. The vulnerability affects Windows operating systems' SMB implementation and has a CVSS score of 7.8 (High) with low attack complexity, making it a significant local privilege escalation risk for multi-user systems and domain environments.
CVE-2025-32716 is an out-of-bounds read vulnerability in Windows Media that allows an authenticated local attacker to achieve privilege escalation on affected systems. The vulnerability has a CVSS score of 7.8 (high severity) due to its impact on confidentiality, integrity, and availability. Without confirmation of KEV status, active exploitation, or public POC availability from the provided data, the real-world risk assessment requires evaluation against the moderate attack complexity (local access required, authenticated user needed).
Local privilege escalation vulnerability in Windows Installer caused by improper access control (CWE-284) that allows an authorized local attacker to elevate privileges without user interaction. The vulnerability affects Windows Installer components across multiple Windows versions and has a CVSS score of 7.8 (High severity). Without confirmation of KEV status or active exploitation data, the high CVSS vector (Low attack complexity, Low privileges required) indicates this represents a significant risk to systems where local user accounts exist.
Heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) Driver that allows local authenticated attackers to achieve privilege escalation with high confidence of exploitation. The vulnerability affects Windows systems with the CLFS driver enabled and requires local access with standard user privileges; successful exploitation grants complete system compromise including code execution at SYSTEM level. While no public POC is confirmed in available intelligence, the straightforward nature of heap overflows and the high CVSS score (7.8) with low attack complexity indicate active research interest and potential for rapid weaponization.
Use-after-free vulnerability in the Windows Win32K graphics subsystem (GRFX component) that allows a locally authenticated attacker to achieve arbitrary code execution and privilege escalation without user interaction. The vulnerability affects Windows systems with affected Win32K versions and carries a CVSS score of 7.8 (high severity). Given the local attack vector requirement and the need for prior authentication, real-world exploitation is constrained to insider threats or attackers who have already achieved initial access; however, the severity of the impact (complete system compromise) makes this a critical priority for patching.
Use-after-free vulnerability in Windows Remote Desktop Services (RDS) that allows unauthenticated network attackers to execute arbitrary code with high complexity requirements. The vulnerability affects Windows systems running RDS and represents a critical remote code execution risk; exploitation requires network access but no user interaction, though attack complexity is rated as high. If this CVE has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, it indicates active exploitation in the wild and should be treated as an immediate priority.
Memory management vulnerability in Windows Cryptographic Services where memory is not properly released after its effective lifetime, enabling unauthenticated remote code execution. The vulnerability affects Windows cryptographic components and allows network-based attackers to execute arbitrary code with high complexity requirements. While the CVSS score of 8.1 indicates significant severity, exploitation requires specific conditions (high attack complexity), and current status regarding KEV listing, EPSS score, and public POC availability is unknown pending official Microsoft advisory release.