Month: July 2025

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. Continue reading CVE-2025-47971 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability→

Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-47976 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2025-47972 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability→

Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-47985 Windows Event Tracing Elevation of Privilege Vulnerability→

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2025-47984 Windows GDI Information Disclosure Vulnerability→

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-48817 Remote Desktop Client Remote Code Execution Vulnerability→

Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally. Continue reading CVE-2025-48806 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability→

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-49673 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability→