Month: July 2025

Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-49688 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability→

Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2025-48823 Windows Cryptographic Services Information Disclosure Vulnerability→

Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49687 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability→

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. Continue reading CVE-2025-48819 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability→

Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49686 Windows TCP/IP Driver Elevation of Privilege Vulnerability→

Access of resource using incompatible type (‘type confusion’) in Windows SSDP Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-48815 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability→

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49677 Microsoft Brokering File System Elevation of Privilege Vulnerability→

Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally. Continue reading CVE-2025-48809 Windows Secure Kernel Mode Information Disclosure Vulnerability→