Multiple Microsoft Windows Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-48822 CVSS:8.6

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

CVE-2025-47980 CVSS:6.2

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

CVE-2025-49735 CVSS:8.1

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

CVE-2025-49661 CVSS:7.8

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2025-48820 CVSS:7.8

Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.

CVE-2025-48000 CVSS:7.8

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

CVE-2025-49724 CVSS:8.8

Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.

CVE-2025-48823 CVSS:5.9

Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.

CVE-2025-47985 CVSS:7.8

Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

CVE-2025-49660 CVSS:7.8

Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

Impact

Information Disclosure
Code Execution
Privilege Escalation

Indicators of Compromise

CVE

CVE-2025-48822
CVE-2025-47980
CVE-2025-49735
CVE-2025-49661
CVE-2025-48820
CVE-2025-48000
CVE-2025-49724
CVE-2025-48823
CVE-2025-47985
CVE-2025-49660

Affected Vendors

Microsoft

Affected Products

Microsoft Windows Server 2019
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server (Server Core installation) 2016
Microsoft Windows Server 2022
Microsoft Windows Server 2022 23H2
Microsoft Windows Server 2019 (Server Core installation)
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft Windows Server 2012 (Server Core installation)
Microsoft Windows Server 2012 R2 (Server Core installation)
Microsoft Windows Server 2016 (Server Core installation)
Microsoft Windows Server 2025
Microsoft Windows 11 Version 24H2 for x64-based Systems
Microsoft Windows 11 Version 24H2 for ARM64-based Systems
Microsoft Windows 11 Version 23H2 for x64-based Systems
Microsoft Windows 11 Version 23H2 for ARM64-based Systems
Microsoft Windows Server 2025 (Server Core installation)
Microsoft Windows 10 Version 22H2 for x64-based Systems
Microsoft Windows 11 Version 22H2 for x64-based Systems
Microsoft Windows 11 Version 22H2 for ARM64-based Systems
Microsoft Windows 10 Version 21H2 for x64-based Systems
Microsoft Windows 10 Version 22H2 for 32-bit Systems
Microsoft Windows 10 Version 22H2 for ARM64-based Systems
Microsoft Windows 10 Version 21H2 for ARM64-based Systems
Microsoft Windows 10 Version 21H2 for 32-bit Systems
Microsoft Windows Server 2022 23H2 Edition (Server Core installation)