|
2025-07-08
|
CVE-2025-47999
|
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
|
Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
6.8
|
|
|
|
2025-07-08
|
CVE-2025-48000
|
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
|
Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
7.8
|
|
|
|
2025-07-08
|
CVE-2025-48001
|
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
6.8
|
|
|
|
2025-07-08
|
CVE-2025-48003
|
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
|
Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
6.8
|
|
|
|
2025-07-08
|
CVE-2025-48799
|
Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.
|
Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2025
|
7.8
|
|
|
|
2025-07-08
|
CVE-2025-48800
|
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
6.8
|
|
|
|
2025-07-08
|
CVE-2025-48817
|
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
|
Remote_desktop_client, Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_app, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
8.8
|
|
|
|
2025-07-08
|
CVE-2025-48802
|
Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.
|
Windows_11_22h2, Windows_11_23h2, Windows_server_2022, Windows_server_2022_23h2
|
6.5
|
|
|
|
2025-07-08
|
CVE-2025-48803
|
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
6.7
|
|
|
|
2025-07-08
|
CVE-2025-48804
|
Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
6.8
|
|
|