Month: September 2025

Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-54116 Windows MultiPoint Services Elevation of Privilege Vulnerability→

Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-54093 Windows TCP/IP Driver Elevation of Privilege Vulnerability→

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2025-53797 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-54092 Windows Hyper-V Elevation of Privilege Vulnerability→

Access of resource using incompatible type (‘type confusion’) in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-53810 Windows Defender Firewall Service Elevation of Privilege Vulnerability→

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2025-54918 Windows NTLM Elevation of Privilege Vulnerability→

Access of resource using incompatible type (‘type confusion’) in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-53808 Windows Defender Firewall Service Elevation of Privilege Vulnerability→

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. Continue reading CVE-2025-54916 Windows NTFS Remote Code Execution Vulnerability→