Month: July 2025

Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49694 Microsoft Brokering File System Elevation of Privilege Vulnerability→

Use after free in Windows Media allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49682 Windows Media Elevation of Privilege Vulnerability→

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network. Continue reading CVE-2025-49691 Windows Miracast Wireless Display Remote Code Execution Vulnerability→

Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49678 NTFS Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally. Continue reading CVE-2025-49690 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability→

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-49668 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability→

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. Continue reading CVE-2025-49689 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally. Continue reading CVE-2025-49664 Windows User-Mode Driver Framework Host Information Disclosure Vulnerability→