Microsoft Windows Server 2025 Vulnerabilities
Fixes for Microsoft Windows Server 2025 vulnerabilities
12 entries · Windows Server · Sorted by severity
| Severity | Update | Vulnerability | Product | CVE | CVSS | Exploitation Notes | Reboot | Script |
|---|---|---|---|---|---|---|---|---|
| CRITICAL | KB5050009: Windows Server 2025 Security Update (January 2025) | Windows Reliable Multicast Transport Driver (RMCAST) Use-After-Free — Unauthenticated Network RCE | Microsoft Windows Server 2025 | CVE-2025-21307 | 9.8 | Microsoft assessed exploitation as "more likely". No public proof-of-concept at time of writing. | Reboot Required | Script |
| CRITICAL | KB5087539: Windows Server 2025 Security Update (May 2026) | Windows Netlogon Stack-Based Buffer Overflow — Unauthenticated RCE on Domain Controllers | Microsoft Windows Server 2025 | CVE-2026-41089 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Patch every domain controller before any other system. | Reboot Required | Script |
| CRITICAL | KB5082063: Windows Server 2025 Security Update (April 2026) | Windows IKE Service Extensions Double-Free — Unauthenticated RCE via Crafted IKEv2 Packet | Microsoft Windows Server 2025 | CVE-2026-33824 | 9.8 | No public proof-of-concept or in-the-wild exploitation at time of writing. Microsoft assessed as critical severity. | Reboot Required | Script |
| CRITICAL | KB5073379: Windows Server 2025 Security Update (July 2025) | SQLite (winsqlite3.dll) Memory Corruption — RCE via Crafted SQL Aggregate | Microsoft Windows Server 2025 | CVE-2025-6965 | 9.8 | Discovered by Google's "Big Sleep" AI-assisted vulnerability research. Public proof-of-concept exists for upstream SQLite; in-the-wild exploitation not yet reported. | Reboot Required | Script |
| CRITICAL | KB5066835: Windows Server 2025 Security Update (October 2025) | Microsoft Graphics Component Use-After-Free — Network-Reachable Elevation of Privilege (Exploited Zero-Day) | Microsoft Windows Server 2025 | CVE-2025-49708 | 9.9 | Not currently listed in the CISA Known Exploited Vulnerabilities Catalogue. No confirmed in-the-wild exploitation of CVE-2025-49708 specifically at time of writing, though the same October 2025 patch cycle did include other Windows zero-days (CVE-2025-24990, CVE-2025-59230). Refer to the MSRC advisory and recent vendor research for current status. | Reboot Required | Script |
| CRITICAL | KB5050009: Windows Server 2025 Security Update (January 2025) | NTLMv1 Authentication Implementation Flaw — Remote Privilege Escalation | Microsoft Windows Server 2025 | CVE-2025-21311 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Public technical analysis exists; treat as imminently weaponisable. | Reboot Required | Script |
| CRITICAL | KB5063878: Windows Server 2025 Security Update (August 2025) | Windows Imaging Component (windowscodecs.dll) Uninitialized Function Pointer — RCE via Crafted JPEG | Microsoft Windows Server 2025 | CVE-2025-50165 | 9.8 | No confirmed in-the-wild exploitation at time of writing. ESET and Zscaler have published technical analyses; exploit development is straightforward. | Reboot Required | Script |
| CRITICAL | KB5087539: Windows Server 2025 Security Update (May 2026) | Windows DNS Client Heap-Based Buffer Overflow — Unauthenticated RCE via Malicious DNS Response | Microsoft Windows Server 2025 | CVE-2026-41096 | 9.8 | Microsoft assessed exploitation as "more likely". No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script |
| CRITICAL | KB5063878: Windows Server 2025 Security Update (August 2025) | Windows GDI+ Heap-Based Buffer Overflow — Unauthenticated RCE via Crafted Metafile | Microsoft Windows Server 2025 | CVE-2025-53766 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Public technical analysis from Check Point Research is available. | Reboot Required | Script |
| CRITICAL | KB5063878: Windows Server 2025 Security Update (August 2025) | Remote Desktop Server Missing Authorization — Network Spoofing for Credential Theft | Microsoft Windows Server 2025 | CVE-2025-50171 | 9.1 | No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script |
| CRITICAL | KB5062553: Windows Server 2025 Security Update (July 2025) | SPNEGO NEGOEX Heap-Based Buffer Overflow — Wormable Unauthenticated RCE in LSASS | Microsoft Windows Server 2025 | CVE-2025-47981 | 9.8 | Microsoft assessed exploitation as "more likely" and described the flaw as wormable. Prioritise internet-facing systems and domain controllers. | Reboot Required | Script |
| CRITICAL | KB5046617: Windows Server 2025 Security Update (November 2024) | Windows Kerberos KDC Proxy (KPSSVC) — Unauthenticated RCE via Integer Overflow | Microsoft Windows Server 2025 | CVE-2024-43639 | 9.8 | No confirmed in-the-wild exploitation at time of writing. ZDI published a technical analysis in March 2025. | Reboot Required | Script |