High

CVE-2025-55224 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by concurrent execution using shared resource with improper synchronization ('race condition') in Win32K - GRFX.

CVE-2025-54092 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a concurrent execution using shared resource with improper synchronization ('race condition') in Hyper-V.

CVE-2025-53796 CVSS:6.5

Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by buffer over-read in Routing and Remote Access Service (RRAS).

CVE-2025-53797 CVSS:6.5

Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by buffer over-read in Routing and Remote Access Service (RRAS).

CVE-2025-54096 CVSS:6.5

Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by out-of-bounds read in Routing and Remote Access Service (RRAS).

CVE-2025-54091 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer overflow or wraparound in Hyper-V.

CVE-2025-54114 CVSS:7

Microsoft Windows is vulnerable to a denial of service, caused by concurrent execution using shared resource with improper synchronization ('race condition') in Connected Devices Platform Service.

CVE-2025-53808 CVSS:6.7

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by access of resource using incompatible type ('type confusion') in Defender Firewall Service.