Medium

CVE-2025-53798 CVSS:6.5

Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by buffer over-read in Routing and Remote Access Service (RRAS).

CVE-2025-53804 CVSS:5.5

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by exposure of sensitive information to an unauthorized actor in Kernel.

CVE-2025-54911 CVSS:7.3

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by use-after-free in BitLocker.

CVE-2025-54099 CVSS:7

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by stack-based buffer overflow in Ancillary Function Driver for WinSock.

CVE-2025-49734 CVSS:7

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper restriction of communication channel to intended endpoints in PowerShell.

CVE-2025-53799 CVSS:5.5

Microsoft Windows could allow a local attacker to obtain sensitive information, caused by use of uninitialized resource in Imaging Component.

CVE-2025-54115 CVSS:7

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by concurrent execution using shared resource with improper synchronization ('race condition') in Hyper-V.

CVE-2025-54913 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by concurrent execution using shared resource with improper synchronization ('race condition') in UI XAML Maps MapControlSettings.

CVE-2025-54101 CVSS:4.8

Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by use after free in SMBv3 Client.