Severity
High
Analysis Summary
CVE-2025-49666 CVSS:7.2
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.
CVE-2025-49679 CVSS:7.8
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2025-47975 CVSS:7
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-47976 CVSS:7.8
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-48815 CVSS:7.8
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-49740 CVSS:8.8
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-48802 CVSS:6.5
Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.
CVE-2025-49723 CVSS:8.8
Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.
CVE-2025-49684 CVSS:5.5
Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
CVE-2025-47982 CVSS:7.8
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
Impact
- Gain Access
- Buffer Overflow
- Code Execution
- Security Bypass
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2025-49666
- CVE-2025-49679
- CVE-2025-47975
- CVE-2025-47976
- CVE-2025-48815
- CVE-2025-49740
- CVE-2025-48802
- CVE-2025-49723
- CVE-2025-49684
- CVE-2025-47982
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
- Microsoft Windows 10 Version 1607 for 32-bit Systems
- Microsoft Windows 10 Version 1607 for x64-based Systems
- Microsoft Windows 10 Version 1809 for 32-bit Systems
- Microsoft Windows 10 Version 1809 for x64-based Systems
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2022
- Microsoft Windows Server 2019 (Server Core installation)
- Microsoft Windows Server 2022 (Server Core installation)
- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Microsoft Windows Server 2012 (Server Core installation)
- Microsoft Windows Server 2012 R2 (Server Core installation)
- Microsoft Windows Server 2016 (Server Core installation)
- Microsoft Windows Server 2025
- Microsoft Windows 11 Version 24H2 for x64-based Systems
- Microsoft Windows 11 Version 24H2 for ARM64-based Systems
- Microsoft Windows 11 Version 23H2 for x64-based Systems
- Microsoft Windows 11 Version 23H2 for ARM64-based Systems
- Microsoft Windows Server 2025 (Server Core installation)
- Microsoft Windows 10 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for x64-based Systems
- Microsoft Windows 10 Version 22H2 for 32-bit Systems
- Microsoft Windows 10 Version 22H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for 32-bit Systems
- Microsoft Windows Server 2022 23H2 Edition (Server Core installation)
Remediation
Refer to Microsoft Windows Website for patch, upgrade, or suggested workaround information.