Vulnerability-Lookup

CVE-2025-24084 (GCVE-0-2025-24084)

Vulnerability from cvelistv5 – Published: 2025-03-11 16:59 – Updated: 2026-02-13 19:39

Title

Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability

Summary

Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.

Severity

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-822 - Untrusted Pointer Dereference

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

8 products

Vendor	Product	Version
Microsoft	Windows 11 version 22H2	Affected: 10.0.22621.0 , < 10.0.22621.5039 (custom)
Microsoft	Windows 11 version 22H3	Affected: 10.0.22631.0 , < 10.0.22631.5039 (custom)
Microsoft	Windows 11 Version 23H2	Affected: 10.0.22631.0 , < 10.0.22631.5039 (custom)
Microsoft	Windows 11 Version 24H2	Affected: 10.0.26100.0 , < 10.0.26100.3476 (custom)
Microsoft	Windows Server 2022	Affected: 10.0.20348.0 , < 10.0.20348.3328 (custom)
Microsoft	Windows Server 2022, 23H2 Edition (Server Core installation)	Affected: 10.0.25398.0 , < 10.0.25398.1486 (custom)
Microsoft	Windows Server 2025	Affected: 10.0.26100.0 , < 10.0.26100.3476 (custom)
Microsoft	Windows Server 2025 (Server Core installation)	Affected: 10.0.26100.0 , < 10.0.26100.3476 (custom)

Date Public

2025-03-11 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24084",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T18:25:37.995227Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T18:30:05.653Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.5039",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.5039",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.5039",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 24H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.3476",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.3328",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.1486",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.3476",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.3476",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.3328",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22621.5039",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.3476",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.5039",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.5039",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.1486",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.26100.3476",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.3476",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-03-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-822",
              "description": "CWE-822: Untrusted Pointer Dereference",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:39:00.765Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084"
        }
      ],
      "title": "Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-24084",
    "datePublished": "2025-03-11T16:59:17.033Z",
    "dateReserved": "2025-01-16T23:11:19.738Z",
    "dateUpdated": "2026-02-13T19:39:00.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-24084",
      "date": "2026-06-07",
      "epss": "0.00331",
      "percentile": "0.56331"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-24084\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2025-03-11T17:16:33.523\",\"lastModified\":\"2025-07-07T17:29:07.287\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.\"},{\"lang\":\"es\",\"value\":\"La desreferenciaci\u00f3n de punteros no confiables en el subsistema de Windows para Linux permite que un atacante no autorizado ejecute c\u00f3digo localmente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-822\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22621.5039\",\"matchCriteriaId\":\"0B27CE48-66A0-488B-A7B6-18A5A191AFDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22631.5039\",\"matchCriteriaId\":\"77DC7D9D-F85F-41B4-A944-D27B388A1157\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*\",\"versionEndExcluding\":\"10.0.26100.3403\",\"matchCriteriaId\":\"B7ADF37E-1DD3-4539-8922-1E059955FEF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*\",\"versionEndExcluding\":\"10.0.26100.3403\",\"matchCriteriaId\":\"E0A74D52-ABC0-4733-B892-F8688B6AEBA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.20348.3270\",\"matchCriteriaId\":\"AAACC9C4-DDC5-4059-AFE3-A49DB2347A86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.25398.1486\",\"matchCriteriaId\":\"EF423F8C-2E8A-46AB-BB2D-C416BF341F92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.26100.3403\",\"matchCriteriaId\":\"CF81B44C-8FF7-4C61-9974-3F98DA9D492C\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-24084\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-11T18:25:37.995227Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-11T18:25:39.220Z\"}}], \"cna\": {\"title\": \"Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.4, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Windows 11 version 22H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.22621.0\", \"lessThan\": \"10.0.22621.5039\", \"versionType\": \"custom\"}], \"platforms\": [\"ARM64-based Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 11 version 22H3\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.22631.0\", \"lessThan\": \"10.0.22631.5039\", \"versionType\": \"custom\"}], \"platforms\": [\"ARM64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 11 Version 23H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.22631.0\", \"lessThan\": \"10.0.22631.5039\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 11 Version 24H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.26100.0\", \"lessThan\": \"10.0.26100.3476\", \"versionType\": \"custom\"}], \"platforms\": [\"ARM64-based Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows Server 2022\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.20348.0\", \"lessThan\": \"10.0.20348.3328\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows Server 2022, 23H2 Edition (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.25398.0\", \"lessThan\": \"10.0.25398.1486\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows Server 2025\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.26100.0\", \"lessThan\": \"10.0.26100.3476\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows Server 2025 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.26100.0\", \"lessThan\": \"10.0.26100.3476\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2025-03-11T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084\", \"name\": \"Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-822\", \"description\": \"CWE-822: Untrusted Pointer Dereference\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.20348.3328\", \"versionStartIncluding\": \"10.0.20348.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.22621.5039\", \"versionStartIncluding\": \"10.0.22621.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.26100.3476\", \"versionStartIncluding\": \"10.0.26100.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.22631.5039\", \"versionStartIncluding\": \"10.0.22631.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.22631.5039\", \"versionStartIncluding\": \"10.0.22631.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.25398.1486\", \"versionStartIncluding\": \"10.0.25398.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.26100.3476\", \"versionStartIncluding\": \"10.0.26100.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.26100.3476\", \"versionStartIncluding\": \"10.0.26100.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-02-13T19:39:00.765Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-24084\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-13T19:39:00.765Z\", \"dateReserved\": \"2025-01-16T23:11:19.738Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2025-03-11T16:59:17.033Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

BDU:2025-02710

Vulnerability from fstec - Published: 11.03.2025

Title

Уязвимость ядра подсистемы совместимости для запуска Linux-приложений Windows Subsystem for Linux (WSL2) операционных систем Windows, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость ядра подсистемы совместимости для запуска Linux-приложений Windows Subsystem for Linux (WSL2) операционных систем Windows связана с разыменованием недоверенного указателя. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код

Severity


                    
                      AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Microsoft Corp

Software Name

Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11 22H2, Windows 11 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 24H2, Windows Server 2025, Windows Server 2025 (Server Core installation)

Software Version

- (Windows Server 2022), - (Windows Server 2022 (Server Core installation)), - (Windows 11 22H2), - (Windows 11 23H2), - (Windows Server 2022, 23H2 Edition (Server Core installation)), - (Windows 11 24H2), - (Windows Server 2025), - (Windows Server 2025 (Server Core installation))

Possible Mitigations

Использование рекомендаций производителя: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084

CWE

CWE-822

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Windows Server 2022), - (Windows Server 2022 (Server Core installation)), - (Windows 11 22H2), - (Windows 11 23H2), - (Windows Server 2022, 23H2 Edition (Server Core installation)), - (Windows 11 24H2), - (Windows Server 2025), - (Windows Server 2025 (Server Core installation))",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.03.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "14.03.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.03.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-02710",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-24084",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11 22H2, Windows 11 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 24H2, Windows Server 2025, Windows Server 2025 (Server Core installation)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows Server 2022 - , Microsoft Corp Windows Server 2022 (Server Core installation) - , Microsoft Corp Windows 11 22H2 - 64-bit, Microsoft Corp Windows 11 22H2 - ARM64, Microsoft Corp Windows 11 23H2 - 64-bit, Microsoft Corp Windows 11 23H2 - ARM64, Microsoft Corp Windows Server 2022, 23H2 Edition (Server Core installation) - , Microsoft Corp Windows 11 24H2 - 64-bit, Microsoft Corp Windows 11 24H2 - ARM64, Microsoft Corp Windows Server 2025 - , Microsoft Corp Windows Server 2025 (Server Core installation) - ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044f\u0434\u0440\u0430 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 Linux-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Windows Subsystem for Linux (WSL2) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u043e\u0435 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f (CWE-822)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044f\u0434\u0440\u0430 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 Linux-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Windows Subsystem for Linux (WSL2) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-822",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,4)"
}

CERTFR-2025-AVI-0193

Vulnerability from certfr_avis - Published: 2025-03-12 - Updated: 2025-03-12

De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Microsoft indique que les vulnérabilités CVE-2025-24983, CVE-2025-24984, CVE-2025-24985, CVE-2025-24991, CVE-2025-24993 et CVE-2025-26633 sont activement exploitées.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Windows Server 2016 versions antérieures à 10.0.14393.7785
Microsoft	N/A	Windows App Client pour Windows Desktop versions antérieures à 2.0.365.0
Microsoft	N/A	Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.1425
Microsoft	N/A	Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.3476
Microsoft	N/A	Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.3403
Microsoft	N/A	Windows Server 2008 pour systèmes x64 Service Pack 2 versions antérieures à 6.0.6003.23168
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.5608
Microsoft	N/A	Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.3194
Microsoft	N/A	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) versions antérieures à 1.000
Microsoft	N/A	Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.7009
Microsoft	N/A	Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.7785
Microsoft	N/A	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 versions antérieures à 6.1.7601.27618
Microsoft	N/A	Windows Server 2025 (Server Core installation) versions antérieures à 10.0.26100.3403
Microsoft	N/A	Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.1486
Microsoft	N/A	Windows Server 2008 pour systèmes 32 bits Service Pack 2 versions antérieures à 1.000
Microsoft	N/A	Windows Server 2019 versions antérieures à 10.0.17763.7009
Microsoft	N/A	Windows 10 pour systèmes x64 versions antérieures à 10.0.10240.20915
Microsoft	N/A	Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.3476
Microsoft	N/A	Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22621.4890
Microsoft	N/A	Windows Server 2025 versions antérieures à 10.0.26100.3403
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.5608
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.5608
Microsoft	N/A	Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.3328
Microsoft	N/A	Windows Server 2022 versions antérieures à 10.0.20348.3328
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.5487
Microsoft	N/A	Windows Server 2025 (Server Core installation) versions antérieures à 10.0.26100.3476
Microsoft	N/A	Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22621.5039
Microsoft	N/A	Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.4890
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.5608
Microsoft	N/A	Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.6893
Microsoft	N/A	Windows Server 2012 R2 (Server Core installation) versions antérieures à 1.000
Microsoft	N/A	Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.5039
Microsoft	N/A	Windows 10 pour systèmes x64 versions antérieures à 10.0.10240.20947
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.5487
Microsoft	N/A	Windows Server 2016 versions antérieures à 10.0.14393.7876
Microsoft	N/A	Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) versions antérieures à 1.000
Microsoft	N/A	Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.23168
Microsoft	N/A	Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.7876
Microsoft	N/A	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 versions antérieures à 1.000
Microsoft	N/A	Windows Server 2008 pour systèmes 32 bits Service Pack 2 versions antérieures à 6.0.6003.23168
Microsoft	N/A	Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.25368
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.5487
Microsoft	N/A	Windows Server 2025 versions antérieures à 10.0.26100.3194
Microsoft	N/A	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) versions antérieures à 6.1.7601.27618
Microsoft	N/A	Windows Server 2012 R2 versions antérieures à 6.3.9600.22470
Microsoft	N/A	Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.3194
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.5608
Microsoft	N/A	Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.3403
Microsoft	N/A	Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.7876
Microsoft	N/A	Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.4890
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.5608
Microsoft	N/A	Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.7785
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.5487
Microsoft	N/A	Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.7876
Microsoft	N/A	Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.3207
Microsoft	N/A	Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.5039
Microsoft	N/A	Windows 10 pour systèmes 32 bits versions antérieures à 10.0.10240.20915
Microsoft	N/A	Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.7785
Microsoft	N/A	Windows Server 2022 versions antérieures à 10.0.20348.3207
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.5487
Microsoft	N/A	Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.6893
Microsoft	N/A	Windows Server 2022 versions antérieures à 10.0.20348.3270
Microsoft	N/A	Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.22470
Microsoft	N/A	Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.6893
Microsoft	N/A	Windows Server 2012 R2 versions antérieures à 1.000
Microsoft	N/A	Remote Desktop client pour Windows Desktop versions antérieures à 1.2.6017.0
Microsoft	N/A	Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22621.4890
Microsoft	N/A	Windows Server 2019 versions antérieures à 10.0.17763.6893
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.5487
Microsoft	N/A	Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.7009
Microsoft	N/A	Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.23168
Microsoft	N/A	Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.3270
Microsoft	N/A	Windows Server 2025 versions antérieures à 10.0.26100.3476
Microsoft	N/A	Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.7009
Microsoft	N/A	Windows Server 2025 (Server Core installation) versions antérieures à 10.0.26100.3194
Microsoft	N/A	Windows 10 pour systèmes 32 bits versions antérieures à 10.0.10240.20947
Microsoft	N/A	Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22621.5039
Microsoft	N/A	Windows Server 2012 versions antérieures à 6.2.9200.25368

References

Title

Publication Time

FKIE_CVE-2025-24084

Vulnerability from fkie_nvd - Published: 2025-03-11 17:16 - Updated: 2025-07-07 17:29

Severity

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084	Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	windows_11_22h2	*
microsoft	windows_11_23h2	*
microsoft	windows_11_24h2	*
microsoft	windows_11_24h2	*
microsoft	windows_server_2022	*
microsoft	windows_server_2022_23h2	*
microsoft	windows_server_2025	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B27CE48-66A0-488B-A7B6-18A5A191AFDA",
              "versionEndExcluding": "10.0.22621.5039",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77DC7D9D-F85F-41B4-A944-D27B388A1157",
              "versionEndExcluding": "10.0.22631.5039",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "B7ADF37E-1DD3-4539-8922-1E059955FEF1",
              "versionEndExcluding": "10.0.26100.3403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
              "matchCriteriaId": "E0A74D52-ABC0-4733-B892-F8688B6AEBA7",
              "versionEndExcluding": "10.0.26100.3403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
              "versionEndExcluding": "10.0.20348.3270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF423F8C-2E8A-46AB-BB2D-C416BF341F92",
              "versionEndExcluding": "10.0.25398.1486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF81B44C-8FF7-4C61-9974-3F98DA9D492C",
              "versionEndExcluding": "10.0.26100.3403",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally."
    },
    {
      "lang": "es",
      "value": "La desreferenciaci\u00f3n de punteros no confiables en el subsistema de Windows para Linux permite que un atacante no autorizado ejecute c\u00f3digo localmente."
    }
  ],
  "id": "CVE-2025-24084",
  "lastModified": "2025-07-07T17:29:07.287",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-11T17:16:33.523",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-822"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    }
  ]
}

GHSA-JFX8-97FX-6VFQ

Vulnerability from github – Published: 2025-03-11 18:32 – Updated: 2025-03-11 18:32

Details

Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.

Severity

8.4 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-24084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-822"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-11T17:16:33Z",
    "severity": "HIGH"
  },
  "details": "Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-jfx8-97fx-6vfq",
  "modified": "2025-03-11T18:32:18Z",
  "published": "2025-03-11T18:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24084"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

MSRC_CVE-2025-24084

Vulnerability from csaf_microsoft - Published: 2025-03-11 07:00 - Updated: 2025-03-13 07:00

Summary

Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability

Severity

Critical

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2025-24084

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-822 - Untrusted Pointer Dereference

Affected products

Fixed 11 products

Product	Identifier	Version	Remediation
Windows Server 2022 10.0.20348.3328 Windows Server 2022		10.0.20348.3328
Windows Server 2022 (Server Core installation) 10.0.20348.3328 Windows Server 2022 (Server Core installation)		10.0.20348.3328
Windows 11 Version 22H2 for ARM64-based Systems 10.0.22621.5039 Windows 11 Version 22H2 for ARM64-based Systems		10.0.22621.5039
Windows 11 Version 22H2 for x64-based Systems 10.0.22621.5039 Windows 11 Version 22H2 for x64-based Systems		10.0.22621.5039
Windows 11 Version 23H2 for ARM64-based Systems 10.0.22631.5039 Windows 11 Version 23H2 for ARM64-based Systems		10.0.22631.5039
Windows 11 Version 23H2 for x64-based Systems 10.0.22631.5039 Windows 11 Version 23H2 for x64-based Systems		10.0.22631.5039
Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.1486 Windows Server 2022, 23H2 Edition (Server Core installation)		10.0.25398.1486
Windows 11 Version 24H2 for ARM64-based Systems 10.0.26100.3476 Windows 11 Version 24H2 for ARM64-based Systems		10.0.26100.3476
Windows 11 Version 24H2 for x64-based Systems 10.0.26100.3476 Windows 11 Version 24H2 for x64-based Systems		10.0.26100.3476
Windows Server 2025 10.0.26100.3476 Windows Server 2025		10.0.26100.3476
Windows Server 2025 (Server Core installation) 10.0.26100.3476 Windows Server 2025 (Server Core installation)		10.0.26100.3476

Known affected 11 products

Product	Version	Remediation
Windows Server 2025 (Server Core installation) <10.0.26100.3476 Windows Server 2025 (Server Core installation)	<10.0.26100.3476	Vendor Fix fix Vendor Fix fix
Windows Server 2025 <10.0.26100.3476 Windows Server 2025	<10.0.26100.3476	Vendor Fix fix Vendor Fix fix
Windows 11 Version 24H2 for x64-based Systems <10.0.26100.3476 Windows 11 Version 24H2 for x64-based Systems	<10.0.26100.3476	Vendor Fix fix Vendor Fix fix
Windows 11 Version 24H2 for ARM64-based Systems <10.0.26100.3476 Windows 11 Version 24H2 for ARM64-based Systems	<10.0.26100.3476	Vendor Fix fix Vendor Fix fix
Windows Server 2022, 23H2 Edition (Server Core installation) <10.0.25398.1486 Windows Server 2022, 23H2 Edition (Server Core installation)	<10.0.25398.1486	Vendor Fix fix
Windows 11 Version 23H2 for x64-based Systems <10.0.22631.5039 Windows 11 Version 23H2 for x64-based Systems	<10.0.22631.5039	Vendor Fix fix
Windows 11 Version 23H2 for ARM64-based Systems <10.0.22631.5039 Windows 11 Version 23H2 for ARM64-based Systems	<10.0.22631.5039	Vendor Fix fix
Windows 11 Version 22H2 for x64-based Systems <10.0.22621.5039 Windows 11 Version 22H2 for x64-based Systems	<10.0.22621.5039	Vendor Fix fix
Windows 11 Version 22H2 for ARM64-based Systems <10.0.22621.5039 Windows 11 Version 22H2 for ARM64-based Systems	<10.0.22621.5039	Vendor Fix fix
Windows Server 2022 (Server Core installation) <10.0.20348.3328 Windows Server 2022 (Server Core installation)	<10.0.20348.3328	Vendor Fix fix Vendor Fix fix
Windows Server 2022 <10.0.20348.3328 Windows Server 2022	<10.0.20348.3328	Vendor Fix fix Vendor Fix fix

Threats

Impact Remote Code Execution

Exploit Status Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2025/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2025/m…	self

Acknowledgments

Benoît Sevens and Vlad Stolyarov of Google Threat Analysis Group

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Beno\u00eet Sevens and Vlad Stolyarov of Google Threat Analysis Group"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-24084 Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084"
      },
      {
        "category": "self",
        "summary": "CVE-2025-24084 Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-24084.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability",
    "tracking": {
      "current_release_date": "2025-03-13T07:00:00.000Z",
      "generator": {
        "date": "2025-12-17T22:11:47.422Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-24084",
      "initial_release_date": "2025-03-11T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-03-11T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2025-03-13T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added an acknowledgement. This is an informational change only."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.20348.3328",
            "product": {
              "name": "Windows Server 2022 \u003c10.0.20348.3328",
              "product_id": "11"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.20348.3328",
            "product": {
              "name": "Windows Server 2022 10.0.20348.3328",
              "product_id": "11923"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2022"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.20348.3328",
            "product": {
              "name": "Windows Server 2022 (Server Core installation) \u003c10.0.20348.3328",
              "product_id": "10"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.20348.3328",
            "product": {
              "name": "Windows Server 2022 (Server Core installation) 10.0.20348.3328",
              "product_id": "11924"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2022 (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.22621.5039",
            "product": {
              "name": "Windows 11 Version 22H2 for ARM64-based Systems \u003c10.0.22621.5039",
              "product_id": "9"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.22621.5039",
            "product": {
              "name": "Windows 11 Version 22H2 for ARM64-based Systems 10.0.22621.5039",
              "product_id": "12085"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 22H2 for ARM64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.22621.5039",
            "product": {
              "name": "Windows 11 Version 22H2 for x64-based Systems \u003c10.0.22621.5039",
              "product_id": "8"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.22621.5039",
            "product": {
              "name": "Windows 11 Version 22H2 for x64-based Systems 10.0.22621.5039",
              "product_id": "12086"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 22H2 for x64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.3476",
            "product": {
              "name": "Windows Server 2025 (Server Core installation) \u003c10.0.26100.3476",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.3476",
            "product": {
              "name": "Windows Server 2025 (Server Core installation) 10.0.26100.3476",
              "product_id": "12437"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2025 (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.22631.5039",
            "product": {
              "name": "Windows 11 Version 23H2 for ARM64-based Systems \u003c10.0.22631.5039",
              "product_id": "7"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.22631.5039",
            "product": {
              "name": "Windows 11 Version 23H2 for ARM64-based Systems 10.0.22631.5039",
              "product_id": "12242"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 23H2 for ARM64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.22631.5039",
            "product": {
              "name": "Windows 11 Version 23H2 for x64-based Systems \u003c10.0.22631.5039",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.22631.5039",
            "product": {
              "name": "Windows 11 Version 23H2 for x64-based Systems 10.0.22631.5039",
              "product_id": "12243"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 23H2 for x64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.25398.1486",
            "product": {
              "name": "Windows Server 2022, 23H2 Edition (Server Core installation) \u003c10.0.25398.1486",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.25398.1486",
            "product": {
              "name": "Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.1486",
              "product_id": "12244"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2022, 23H2 Edition (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.3476",
            "product": {
              "name": "Windows 11 Version 24H2 for ARM64-based Systems \u003c10.0.26100.3476",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.3476",
            "product": {
              "name": "Windows 11 Version 24H2 for ARM64-based Systems 10.0.26100.3476",
              "product_id": "12389"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 24H2 for ARM64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.3476",
            "product": {
              "name": "Windows 11 Version 24H2 for x64-based Systems \u003c10.0.26100.3476",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.3476",
            "product": {
              "name": "Windows 11 Version 24H2 for x64-based Systems 10.0.26100.3476",
              "product_id": "12390"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 24H2 for x64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.3476",
            "product": {
              "name": "Windows Server 2025 \u003c10.0.26100.3476",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.3476",
            "product": {
              "name": "Windows Server 2025 10.0.26100.3476",
              "product_id": "12436"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2025"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-24084",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim\u0027s machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N).",
          "title": "How could an attacker exploit this vulnerability?"
        },
        {
          "category": "faq",
          "text": "The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.",
          "title": "According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?"
        }
      ],
      "product_status": {
        "fixed": [
          "11923",
          "11924",
          "12085",
          "12086",
          "12242",
          "12243",
          "12244",
          "12389",
          "12390",
          "12436",
          "12437"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24084 Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084"
        },
        {
          "category": "self",
          "summary": "CVE-2025-24084 Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-24084.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-03-11T07:00:00.000Z",
          "details": "10.0.20348.3328:Security Update:https://support.microsoft.com/help/5053603",
          "product_ids": [
            "11",
            "10"
          ],
          "url": "https://support.microsoft.com/help/5053603"
        },
        {
          "category": "vendor_fix",
          "date": "2025-03-11T07:00:00.000Z",
          "details": "10.0.20348.3270:SecurityHotpatchUpdate:https://support.microsoft.com/help/5053638",
          "product_ids": [
            "11",
            "10"
          ],
          "url": "https://support.microsoft.com/help/5053638"
        },
        {
          "category": "vendor_fix",
          "date": "2025-03-11T07:00:00.000Z",
          "details": "10.0.22621.5039:Security Update:https://support.microsoft.com/help/5053602",
          "product_ids": [
            "9",
            "8"
          ],
          "url": "https://support.microsoft.com/help/5053602"
        },
        {
          "category": "vendor_fix",
          "date": "2025-03-11T07:00:00.000Z",
          "details": "10.0.26100.3476:Security Update:https://support.microsoft.com/help/5053598",
          "product_ids": [
            "1",
            "4",
            "3",
            "2"
          ],
          "url": "https://support.microsoft.com/help/5053598"
        },
        {
          "category": "vendor_fix",
          "date": "2025-03-11T07:00:00.000Z",
          "details": "10.0.26100.3403:SecurityHotpatchUpdate:https://support.microsoft.com/help/5053636",
          "product_ids": [
            "1",
            "4",
            "3",
            "2"
          ],
          "url": "https://support.microsoft.com/help/5053636"
        },
        {
          "category": "vendor_fix",
          "date": "2025-03-11T07:00:00.000Z",
          "details": "10.0.22631.5039:Security Update:https://support.microsoft.com/help/5053602",
          "product_ids": [
            "7",
            "6"
          ],
          "url": "https://support.microsoft.com/help/5053602"
        },
        {
          "category": "vendor_fix",
          "date": "2025-03-11T07:00:00.000Z",
          "details": "10.0.25398.1486:Security Update:https://support.microsoft.com/help/5053599",
          "product_ids": [
            "5"
          ],
          "url": "https://support.microsoft.com/help/5053599"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.3,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Remote Code Execution"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability"
    }
  ]
}

NCSC-2025-0078

Vulnerability from csaf_ncscnl - Published: 2025-03-11 18:43 - Updated: 2025-03-11 18:43

Summary

Kwetsbaarheden verholpen in Microsoft Windows

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Microsoft heeft kwetsbaarheden verholpen in Windows.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service (DoS) - Omzeilen van beveiligingsmaatregel - Uitvoer van willekeurige code (root/adminrechten) - Uitvoer van willekeurige code (Gebruikersrechten) - Verkrijgen van verhoogde rechten - Toegang tot gevoelige gegevens - Voordoen als andere gebruiker Van de kwetsbaarheden met kenmerk CVE-2025-24983, CVE-2025-24984, CVE-2025-24985, CVE-2025-24991, CVE-2025-24993 en CVE-2025-26633 geeft Microsoft aan informatie te hebben dat deze eerder actief zijn misbruikt als Zeroday. Er is geen publieke Proof-of-Concept (PoC) of exploitcode bekend. De kwetsbaarheden zijn uitsluitend lokaal te misbruiken. Grootschalig actief misbruik wordt hierdoor niet waarschijnlijk geacht. ``` Windows Kernel-Mode Drivers: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24066 | 8.40 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Remote Desktop Client: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-26645 | 8.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Kernel Streaming WOW Thunk Service Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24995 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows USB Video Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24987 | 6.60 | Verkrijgen van verhoogde rechten | | CVE-2025-24988 | 6.60 | Verkrijgen van verhoogde rechten | | CVE-2025-24055 | 4.30 | Toegang tot gevoelige gegevens | |----------------|------|-------------------------------------| Windows Routing and Remote Access Service (RRAS): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24051 | 8.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Role: DNS Server: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24064 | 8.10 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Microsoft Management Console: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-26633 | 7.00 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Windows exFAT File System: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-21180 | 7.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows Cross Device Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24076 | 7.30 | Verkrijgen van verhoogde rechten | | CVE-2025-24994 | 7.30 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Fast FAT Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24985 | 7.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Microsoft Windows: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2024-9157 | onb. | Verkrijgen van verhoogde rechten | | CVE-2025-25008 | 7.10 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Mark of the Web (MOTW): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24061 | 7.80 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Windows Win32 Kernel Subsystem: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24044 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2025-24983 | 7.00 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Kernel Memory: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24997 | 4.40 | Denial-of-Service | |----------------|------|-------------------------------------| Microsoft Local Security Authority Server (lsasrv): |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24072 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Microsoft Streaming Service: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24046 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2025-24067 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Telephony Server: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24056 | 8.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows NTLM: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24996 | 6.50 | Voordoen als andere gebruiker | | CVE-2025-24054 | 6.50 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Windows MapUrlToZone: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-21247 | 4.30 | Omzeilen van beveiligingsmaatregel | |----------------|------|-------------------------------------| Windows Common Log File System Driver: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24059 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Hyper-V: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24048 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2025-24050 | 7.80 | Verkrijgen van verhoogde rechten | |----------------|------|-------------------------------------| Windows Remote Desktop Services: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24035 | 8.10 | Uitvoeren van willekeurige code | | CVE-2025-24045 | 8.10 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows Subsystem for Linux: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24084 | 8.40 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows File Explorer: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24071 | 7.50 | Voordoen als andere gebruiker | |----------------|------|-------------------------------------| Windows NTFS: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-24984 | 4.60 | Toegang tot gevoelige gegevens | | CVE-2025-24991 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2025-24992 | 5.50 | Toegang tot gevoelige gegevens | | CVE-2025-24993 | 7.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| ```

Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op: https://portal.msrc.microsoft.com/en-us/security-guidance

Kans: medium

Schade: high

CWE-591: Sensitive Data Storage in Improperly Locked Memory

CWE-59: Improper Link Resolution Before File Access ('Link Following')

CWE-822: Untrusted Pointer Dereference

CWE-126: Buffer Over-read

CWE-707: Improper Neutralization

CWE-41: Improper Resolution of Path Equivalence

CWE-23: Relative Path Traversal

CWE-190: Integer Overflow or Wraparound

CWE-693: Protection Mechanism Failure

CWE-532: Insertion of Sensitive Information into Log File

CWE-125: Out-of-bounds Read

CWE-284: Improper Access Control

CWE-416: Use After Free

CWE-476: NULL Pointer Dereference

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-122: Heap-based Buffer Overflow

CWE-73: External Control of File Name or Path

CWE-681: Incorrect Conversion between Numeric Types

CVE-2025-24035

CWE-591 - Sensitive Data Storage in Improperly Locked Memory

Affected products

Known affected 54 products

CVE-2024-9157

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Known affected 54 products

CVE-2025-24044

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 54 products

CVE-2025-24987

CWE-125 - Out-of-bounds Read

Affected products

Known affected 54 products

CVE-2025-24988

CWE-125 - Out-of-bounds Read

Affected products

Known affected 54 products

CVE-2025-21180

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 54 products

CVE-2025-24995

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 54 products

CVE-2025-24996

CWE-73 - External Control of File Name or Path

Affected products

Known affected 54 products

CVE-2025-21247

CWE-41 - Improper Resolution of Path Equivalence

Affected products

Known affected 54 products

CVE-2025-24046

CWE-416 - Use After Free

Affected products

Known affected 54 products

CVE-2025-24051

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 54 products

CVE-2025-24054

CWE-73 - External Control of File Name or Path

Affected products

Known affected 54 products

CVE-2025-24055

CWE-125 - Out-of-bounds Read

Affected products

Known affected 54 products

CVE-2025-24056

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 54 products

CVE-2025-24059

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 54 products

CVE-2025-24061

CWE-693 - Protection Mechanism Failure

Affected products

Known affected 54 products

CVE-2025-24066

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 54 products

CVE-2025-24067

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 54 products

CVE-2025-24071

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 54 products

CVE-2025-24072

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 54 products

CVE-2025-24984

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Known affected 54 products

CVE-2025-24985

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 54 products

CVE-2025-24991

CWE-125 - Out-of-bounds Read

Affected products

Known affected 54 products

CVE-2025-24992

CWE-126 - Buffer Over-read

Affected products

Known affected 54 products

CVE-2025-24993

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 54 products

CVE-2025-26633

CWE-707 - Improper Neutralization

Affected products

Known affected 54 products

CVE-2025-26645

CWE-23 - Relative Path Traversal

Affected products

Known affected 54 products

CVE-2025-24048

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 54 products

CVE-2025-24050

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 54 products

CVE-2025-25008

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Known affected 54 products

CVE-2025-24045

CWE-591 - Sensitive Data Storage in Improperly Locked Memory

Affected products

Known affected 54 products

CVE-2025-24064

CWE-416 - Use After Free

Affected products

Known affected 54 products

CVE-2025-24997

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 54 products

CVE-2025-24084

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-822 - Untrusted Pointer Dereference

Affected products

Known affected 54 products

CVE-2025-24076

CWE-284 - Improper Access Control

Affected products

Known affected 54 products

CVE-2025-24994

CWE-284 - Improper Access Control

Affected products

Known affected 54 products

CVE-2025-24983

CWE-416 - Use After Free

Affected products

Known affected 54 products

References

37 references

URL	Category
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2025…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Microsoft heeft kwetsbaarheden verholpen in Windows.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Omzeilen van beveiligingsmaatregel\n- Uitvoer van willekeurige code (root/adminrechten)\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Verkrijgen van verhoogde rechten\n- Toegang tot gevoelige gegevens\n- Voordoen als andere gebruiker\n\nVan de kwetsbaarheden met kenmerk CVE-2025-24983, CVE-2025-24984, CVE-2025-24985, CVE-2025-24991, CVE-2025-24993 en CVE-2025-26633 geeft Microsoft aan informatie te hebben dat deze eerder actief zijn misbruikt als Zeroday. Er is geen publieke Proof-of-Concept (PoC) of exploitcode bekend. De kwetsbaarheden zijn uitsluitend lokaal te misbruiken. Grootschalig actief misbruik wordt hierdoor niet waarschijnlijk geacht.\n\n```\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24066 | 8.40 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nRemote Desktop Client: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-26645 | 8.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nKernel Streaming WOW Thunk Service Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24995 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows USB Video Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24987 | 6.60 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-24988 | 6.60 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-24055 | 4.30 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Routing and Remote Access Service (RRAS): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24051 | 8.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nRole: DNS Server: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24064 | 8.10 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Management Console: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-26633 | 7.00 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows exFAT File System: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-21180 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Cross Device Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24076 | 7.30 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-24994 | 7.30 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Fast FAT Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24985 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2024-9157  | onb. | Verkrijgen van verhoogde rechten    | \n| CVE-2025-25008 | 7.10 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Mark of the Web (MOTW): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24061 | 7.80 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Win32 Kernel Subsystem: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24044 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-24983 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Kernel Memory: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24997 | 4.40 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nMicrosoft Local Security Authority Server (lsasrv): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24072 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Streaming Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24046 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-24067 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Server: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24056 | 8.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows NTLM: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24996 | 6.50 | Voordoen als andere gebruiker       | \n| CVE-2025-24054 | 6.50 | Voordoen als andere gebruiker       | \n|----------------|------|-------------------------------------|\n\nWindows MapUrlToZone: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-21247 | 4.30 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24059 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24048 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-24050 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Remote Desktop Services: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24035 | 8.10 | Uitvoeren van willekeurige code     | \n| CVE-2025-24045 | 8.10 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Subsystem for Linux: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24084 | 8.40 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows File Explorer: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24071 | 7.50 | Voordoen als andere gebruiker       | \n|----------------|------|-------------------------------------|\n\nWindows NTFS: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-24984 | 4.60 | Toegang tot gevoelige gegevens      | \n| CVE-2025-24991 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2025-24992 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2025-24993 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n```",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Sensitive Data Storage in Improperly Locked Memory",
        "title": "CWE-591"
      },
      {
        "category": "general",
        "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
        "title": "CWE-59"
      },
      {
        "category": "general",
        "text": "Untrusted Pointer Dereference",
        "title": "CWE-822"
      },
      {
        "category": "general",
        "text": "Buffer Over-read",
        "title": "CWE-126"
      },
      {
        "category": "general",
        "text": "Improper Neutralization",
        "title": "CWE-707"
      },
      {
        "category": "general",
        "text": "Improper Resolution of Path Equivalence",
        "title": "CWE-41"
      },
      {
        "category": "general",
        "text": "Relative Path Traversal",
        "title": "CWE-23"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Protection Mechanism Failure",
        "title": "CWE-693"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information into Log File",
        "title": "CWE-532"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "External Control of File Name or Path",
        "title": "CWE-73"
      },
      {
        "category": "general",
        "text": "Incorrect Conversion between Numeric Types",
        "title": "CWE-681"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "title": "Kwetsbaarheden verholpen in Microsoft Windows",
    "tracking": {
      "current_release_date": "2025-03-11T18:43:14.505624Z",
      "generator": {
        "date": "2025-02-25T15:15:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.0"
        }
      },
      "id": "NCSC-2025-0078",
      "initial_release_date": "2025-03-11T18:43:14.505624Z",
      "revision_history": [
        {
          "date": "2025-03-11T18:43:14.505624Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/1.2.0.0|\u003c1.2.6017.0",
                "product": {
                  "name": "vers:unknown/1.2.0.0|\u003c1.2.6017.0",
                  "product_id": "CSAFPID-2461968"
                }
              }
            ],
            "category": "product_name",
            "name": "Remote Desktop client for Windows Desktop"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-1332109"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.10240.20947 x64",
                    "product": {
                      "name": "vers:microsoft/10.0.10240.20947 x64",
                      "product_id": "CSAFPID-2461392"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.10240.20947 x86",
                    "product": {
                      "name": "vers:microsoft/10.0.10240.20947 x86",
                      "product_id": "CSAFPID-2461386"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows 10 1507"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.14393.7876 x64",
                    "product": {
                      "name": "vers:microsoft/10.0.14393.7876 x64",
                      "product_id": "CSAFPID-2461385"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.14393.7876 x86",
                    "product": {
                      "name": "vers:microsoft/10.0.14393.7876 x86",
                      "product_id": "CSAFPID-2461401"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows 10 1607"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.17763.7009 x64",
                    "product": {
                      "name": "vers:microsoft/10.0.17763.7009 x64",
                      "product_id": "CSAFPID-2461384"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.17763.7009 x86",
                    "product": {
                      "name": "vers:microsoft/10.0.17763.7009 x86",
                      "product_id": "CSAFPID-2461383"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows 10 1809"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.19044.5608 arm",
                    "product": {
                      "name": "vers:microsoft/10.0.19044.5608 arm",
                      "product_id": "CSAFPID-2461382"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.19044.5608 x64",
                    "product": {
                      "name": "vers:microsoft/10.0.19044.5608 x64",
                      "product_id": "CSAFPID-2461402"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.19044.5608 x86",
                    "product": {
                      "name": "vers:microsoft/10.0.19044.5608 x86",
                      "product_id": "CSAFPID-2461403"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows 10 21h2"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.19045.5608 arm",
                    "product": {
                      "name": "vers:microsoft/10.0.19045.5608 arm",
                      "product_id": "CSAFPID-2461390"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.19045.5608 x64",
                    "product": {
                      "name": "vers:microsoft/10.0.19045.5608 x64",
                      "product_id": "CSAFPID-2461398"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.19045.5608 x86",
                    "product": {
                      "name": "vers:microsoft/10.0.19045.5608 x86",
                      "product_id": "CSAFPID-2461391"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows 10 22h2"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.22621.5039 arm",
                    "product": {
                      "name": "vers:microsoft/10.0.22621.5039 arm",
                      "product_id": "CSAFPID-2461381"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.22621.5039 x64",
                    "product": {
                      "name": "vers:microsoft/10.0.22621.5039 x64",
                      "product_id": "CSAFPID-2461393"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows 11 22H2"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.22631.5039 arm",
                    "product": {
                      "name": "vers:microsoft/10.0.22631.5039 arm",
                      "product_id": "CSAFPID-2461400"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.22631.5039 x64",
                    "product": {
                      "name": "vers:microsoft/10.0.22631.5039 x64",
                      "product_id": "CSAFPID-2461380"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows 11 23H2"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.26100.3476 arm",
                    "product": {
                      "name": "vers:microsoft/10.0.26100.3476 arm",
                      "product_id": "CSAFPID-2461394"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.26100.3476 x64",
                    "product": {
                      "name": "vers:microsoft/10.0.26100.3476 x64",
                      "product_id": "CSAFPID-2461396"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows 11 Version 24H2"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/6.2.9200.25368 x64",
                    "product": {
                      "name": "vers:microsoft/6.2.9200.25368 x64",
                      "product_id": "CSAFPID-2461395"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows Server 2012"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/6.3.9600.22470 x64",
                    "product": {
                      "name": "vers:microsoft/6.3.9600.22470 x64",
                      "product_id": "CSAFPID-2461399"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows Server 2012 R2"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.14393.7876 x64",
                    "product": {
                      "name": "vers:microsoft/10.0.14393.7876 x64",
                      "product_id": "CSAFPID-2461389"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows Server 2016"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.17763.7009 x64",
                    "product": {
                      "name": "vers:microsoft/10.0.17763.7009 x64",
                      "product_id": "CSAFPID-2461388"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows Server 2019"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.20348.3328 x64",
                    "product": {
                      "name": "vers:microsoft/10.0.20348.3328 x64",
                      "product_id": "CSAFPID-2461379"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows Server 2022"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.26100.3476 x64",
                    "product": {
                      "name": "vers:microsoft/10.0.26100.3476 x64",
                      "product_id": "CSAFPID-2461397"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows Server 2025"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/10.0.25398.1486 x64",
                    "product": {
                      "name": "vers:microsoft/10.0.25398.1486 x64",
                      "product_id": "CSAFPID-2461387"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows Server 23H2"
              }
            ],
            "category": "product_family",
            "name": "Microsoft"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.10240.0|\u003c10.0.10240.20947",
                "product": {
                  "name": "vers:unknown/10.0.10240.0|\u003c10.0.10240.20947",
                  "product_id": "CSAFPID-2461940"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 1507"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.14393.0|\u003c10.0.14393.7876",
                "product": {
                  "name": "vers:unknown/10.0.14393.0|\u003c10.0.14393.7876",
                  "product_id": "CSAFPID-2461941"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 1607"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.17763.0|\u003c10.0.17763.7009",
                "product": {
                  "name": "vers:unknown/10.0.17763.0|\u003c10.0.17763.7009",
                  "product_id": "CSAFPID-2461928"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 1809"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.19043.0|\u003c10.0.19044.5608",
                "product": {
                  "name": "vers:unknown/10.0.19043.0|\u003c10.0.19044.5608",
                  "product_id": "CSAFPID-2461932"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 21H2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.19045.0|\u003c10.0.19045.5608",
                "product": {
                  "name": "vers:unknown/10.0.19045.0|\u003c10.0.19045.5608",
                  "product_id": "CSAFPID-2461934"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10 Version 22H2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.22631.0|\u003c10.0.22631.5039",
                "product": {
                  "name": "vers:unknown/10.0.22631.0|\u003c10.0.22631.5039",
                  "product_id": "CSAFPID-2461937"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 23H2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.26100.0|\u003c10.0.26100.3476",
                "product": {
                  "name": "vers:unknown/10.0.26100.0|\u003c10.0.26100.3476",
                  "product_id": "CSAFPID-2461938"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 24H2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.22621.0|\u003c10.0.22621.5039",
                "product": {
                  "name": "vers:unknown/10.0.22621.0|\u003c10.0.22621.5039",
                  "product_id": "CSAFPID-2461933"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 version 22H2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.22631.0|\u003c10.0.22631.5039",
                "product": {
                  "name": "vers:unknown/10.0.22631.0|\u003c10.0.22631.5039",
                  "product_id": "CSAFPID-2461936"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 version 22H3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/1.00|\u003c2.0.365.0",
                "product": {
                  "name": "vers:unknown/1.00|\u003c2.0.365.0",
                  "product_id": "CSAFPID-2461967"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows App Client for Windows Desktop"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/6.0.6003.0|\u003c6.0.6003.23168",
                "product": {
                  "name": "vers:unknown/6.0.6003.0|\u003c6.0.6003.23168",
                  "product_id": "CSAFPID-2461946"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008  Service Pack 2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/6.1.7601.0|\u003c6.1.7601.27618",
                "product": {
                  "name": "vers:unknown/6.1.7601.0|\u003c6.1.7601.27618",
                  "product_id": "CSAFPID-2461947"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 R2 Service Pack 1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/6.1.7601.0|\u003c6.1.7601.27618",
                "product": {
                  "name": "vers:unknown/6.1.7601.0|\u003c6.1.7601.27618",
                  "product_id": "CSAFPID-2461948"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/6.0.6003.0|\u003c6.0.6003.23168",
                "product": {
                  "name": "vers:unknown/6.0.6003.0|\u003c6.0.6003.23168",
                  "product_id": "CSAFPID-2461944"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 Service Pack 2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/6.0.6003.0|\u003c6.0.6003.23168",
                "product": {
                  "name": "vers:unknown/6.0.6003.0|\u003c6.0.6003.23168",
                  "product_id": "CSAFPID-2461945"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2008 Service Pack 2 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/6.2.9200.0|\u003c6.2.9200.25368",
                "product": {
                  "name": "vers:unknown/6.2.9200.0|\u003c6.2.9200.25368",
                  "product_id": "CSAFPID-2461949"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/6.2.9200.0|\u003c6.2.9200.25368",
                "product": {
                  "name": "vers:unknown/6.2.9200.0|\u003c6.2.9200.25368",
                  "product_id": "CSAFPID-2461950"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/6.3.9600.0|\u003c6.3.9600.22470",
                "product": {
                  "name": "vers:unknown/6.3.9600.0|\u003c6.3.9600.22470",
                  "product_id": "CSAFPID-2461951"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012 R2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/6.3.9600.0|\u003c6.3.9600.22470",
                "product": {
                  "name": "vers:unknown/6.3.9600.0|\u003c6.3.9600.22470",
                  "product_id": "CSAFPID-2461952"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012 R2 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.14393.0|\u003c10.0.14393.7876",
                "product": {
                  "name": "vers:unknown/10.0.14393.0|\u003c10.0.14393.7876",
                  "product_id": "CSAFPID-2461942"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.14393.0|\u003c10.0.14393.7876",
                "product": {
                  "name": "vers:unknown/10.0.14393.0|\u003c10.0.14393.7876",
                  "product_id": "CSAFPID-2461943"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2016 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.17763.0|\u003c10.0.17763.7009",
                "product": {
                  "name": "vers:unknown/10.0.17763.0|\u003c10.0.17763.7009",
                  "product_id": "CSAFPID-2461929"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2019"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.17763.0|\u003c10.0.17763.7009",
                "product": {
                  "name": "vers:unknown/10.0.17763.0|\u003c10.0.17763.7009",
                  "product_id": "CSAFPID-2461930"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2019 (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.20348.0|\u003c10.0.20348.3328",
                "product": {
                  "name": "vers:unknown/10.0.20348.0|\u003c10.0.20348.3328",
                  "product_id": "CSAFPID-2461931"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2022"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.25398.0|\u003c10.0.25398.1486",
                "product": {
                  "name": "vers:unknown/10.0.25398.0|\u003c10.0.25398.1486",
                  "product_id": "CSAFPID-2461357"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2022, 23H2 Edition (Server Core installation)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.26100.0|\u003c10.0.26100.3476",
                "product": {
                  "name": "vers:unknown/10.0.26100.0|\u003c10.0.26100.3476",
                  "product_id": "CSAFPID-2461939"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2025"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/10.0.26100.0|\u003c10.0.26100.3476",
                "product": {
                  "name": "vers:unknown/10.0.26100.0|\u003c10.0.26100.3476",
                  "product_id": "CSAFPID-2461935"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2025 (Server Core installation)"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-24035",
      "cwe": {
        "id": "CWE-591",
        "name": "Sensitive Data Storage in Improperly Locked Memory"
      },
      "notes": [
        {
          "category": "other",
          "text": "Sensitive Data Storage in Improperly Locked Memory",
          "title": "CWE-591"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24035",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24035.json"
        }
      ],
      "title": "CVE-2025-24035"
    },
    {
      "cve": "CVE-2024-9157",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-9157",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9157.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2461968",
            "CSAFPID-1332109",
            "CSAFPID-2461392",
            "CSAFPID-2461386",
            "CSAFPID-2461385",
            "CSAFPID-2461401",
            "CSAFPID-2461384",
            "CSAFPID-2461383",
            "CSAFPID-2461382",
            "CSAFPID-2461402",
            "CSAFPID-2461403",
            "CSAFPID-2461390",
            "CSAFPID-2461398",
            "CSAFPID-2461391",
            "CSAFPID-2461940",
            "CSAFPID-2461941",
            "CSAFPID-2461928",
            "CSAFPID-2461932",
            "CSAFPID-2461934",
            "CSAFPID-2461381",
            "CSAFPID-2461393",
            "CSAFPID-2461400",
            "CSAFPID-2461380",
            "CSAFPID-2461937",
            "CSAFPID-2461394",
            "CSAFPID-2461396",
            "CSAFPID-2461938",
            "CSAFPID-2461933",
            "CSAFPID-2461936",
            "CSAFPID-2461967",
            "CSAFPID-2461946",
            "CSAFPID-2461947",
            "CSAFPID-2461948",
            "CSAFPID-2461944",
            "CSAFPID-2461945",
            "CSAFPID-2461395",
            "CSAFPID-2461949",
            "CSAFPID-2461950",
            "CSAFPID-2461399",
            "CSAFPID-2461951",
            "CSAFPID-2461952",
            "CSAFPID-2461389",
            "CSAFPID-2461942",
            "CSAFPID-2461943",
            "CSAFPID-2461388",
            "CSAFPID-2461929",
            "CSAFPID-2461930",
            "CSAFPID-2461379",
            "CSAFPID-2461931",
            "CSAFPID-2461357",
            "CSAFPID-2461397",
            "CSAFPID-2461939",
            "CSAFPID-2461935",
            "CSAFPID-2461387"
          ]
        }
      ],
      "title": "CVE-2024-9157"
    },
    {
      "cve": "CVE-2025-24044",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24044",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24044.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2461968",
            "CSAFPID-1332109",
            "CSAFPID-2461392",
            "CSAFPID-2461386",
            "CSAFPID-2461385",
            "CSAFPID-2461401",
            "CSAFPID-2461384",
            "CSAFPID-2461383",
            "CSAFPID-2461382",
            "CSAFPID-2461402",
            "CSAFPID-2461403",
            "CSAFPID-2461390",
            "CSAFPID-2461398",
            "CSAFPID-2461391",
            "CSAFPID-2461940",
            "CSAFPID-2461941",
            "CSAFPID-2461928",
            "CSAFPID-2461932",
            "CSAFPID-2461934",
            "CSAFPID-2461381",
            "CSAFPID-2461393",
            "CSAFPID-2461400",
            "CSAFPID-2461380",
            "CSAFPID-2461937",
            "CSAFPID-2461394",
            "CSAFPID-2461396",
            "CSAFPID-2461938",
            "CSAFPID-2461933",
            "CSAFPID-2461936",
            "CSAFPID-2461967",
            "CSAFPID-2461946",
            "CSAFPID-2461947",
            "CSAFPID-2461948",
            "CSAFPID-2461944",
            "CSAFPID-2461945",
            "CSAFPID-2461395",
            "CSAFPID-2461949",
            "CSAFPID-2461950",
            "CSAFPID-2461399",
            "CSAFPID-2461951",
            "CSAFPID-2461952",
            "CSAFPID-2461389",
            "CSAFPID-2461942",
            "CSAFPID-2461943",
            "CSAFPID-2461388",
            "CSAFPID-2461929",
            "CSAFPID-2461930",
            "CSAFPID-2461379",
            "CSAFPID-2461931",
            "CSAFPID-2461357",
            "CSAFPID-2461397",
            "CSAFPID-2461939",
            "CSAFPID-2461935",
            "CSAFPID-2461387"
          ]
        }
      ],
      "title": "CVE-2025-24044"
    },
    {
      "cve": "CVE-2025-24987",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24987",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24987.json"
        }
      ],
      "title": "CVE-2025-24987"
    },
    {
      "cve": "CVE-2025-24988",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24988",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24988.json"
        }
      ],
      "title": "CVE-2025-24988"
    },
    {
      "cve": "CVE-2025-21180",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-21180",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21180.json"
        }
      ],
      "title": "CVE-2025-21180"
    },
    {
      "cve": "CVE-2025-24995",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24995",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24995.json"
        }
      ],
      "title": "CVE-2025-24995"
    },
    {
      "cve": "CVE-2025-24996",
      "cwe": {
        "id": "CWE-73",
        "name": "External Control of File Name or Path"
      },
      "notes": [
        {
          "category": "other",
          "text": "External Control of File Name or Path",
          "title": "CWE-73"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24996",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24996.json"
        }
      ],
      "title": "CVE-2025-24996"
    },
    {
      "cve": "CVE-2025-21247",
      "cwe": {
        "id": "CWE-41",
        "name": "Improper Resolution of Path Equivalence"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resolution of Path Equivalence",
          "title": "CWE-41"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-21247",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21247.json"
        }
      ],
      "title": "CVE-2025-21247"
    },
    {
      "cve": "CVE-2025-24046",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24046",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24046.json"
        }
      ],
      "title": "CVE-2025-24046"
    },
    {
      "cve": "CVE-2025-24051",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24051",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24051.json"
        }
      ],
      "title": "CVE-2025-24051"
    },
    {
      "cve": "CVE-2025-24054",
      "cwe": {
        "id": "CWE-73",
        "name": "External Control of File Name or Path"
      },
      "notes": [
        {
          "category": "other",
          "text": "External Control of File Name or Path",
          "title": "CWE-73"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24054",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24054.json"
        }
      ],
      "title": "CVE-2025-24054"
    },
    {
      "cve": "CVE-2025-24055",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24055",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24055.json"
        }
      ],
      "title": "CVE-2025-24055"
    },
    {
      "cve": "CVE-2025-24056",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24056",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24056.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2461968",
            "CSAFPID-1332109",
            "CSAFPID-2461392",
            "CSAFPID-2461386",
            "CSAFPID-2461385",
            "CSAFPID-2461401",
            "CSAFPID-2461384",
            "CSAFPID-2461383",
            "CSAFPID-2461382",
            "CSAFPID-2461402",
            "CSAFPID-2461403",
            "CSAFPID-2461390",
            "CSAFPID-2461398",
            "CSAFPID-2461391",
            "CSAFPID-2461940",
            "CSAFPID-2461941",
            "CSAFPID-2461928",
            "CSAFPID-2461932",
            "CSAFPID-2461934",
            "CSAFPID-2461381",
            "CSAFPID-2461393",
            "CSAFPID-2461400",
            "CSAFPID-2461380",
            "CSAFPID-2461937",
            "CSAFPID-2461394",
            "CSAFPID-2461396",
            "CSAFPID-2461938",
            "CSAFPID-2461933",
            "CSAFPID-2461936",
            "CSAFPID-2461967",
            "CSAFPID-2461946",
            "CSAFPID-2461947",
            "CSAFPID-2461948",
            "CSAFPID-2461944",
            "CSAFPID-2461945",
            "CSAFPID-2461395",
            "CSAFPID-2461949",
            "CSAFPID-2461950",
            "CSAFPID-2461399",
            "CSAFPID-2461951",
            "CSAFPID-2461952",
            "CSAFPID-2461389",
            "CSAFPID-2461942",
            "CSAFPID-2461943",
            "CSAFPID-2461388",
            "CSAFPID-2461929",
            "CSAFPID-2461930",
            "CSAFPID-2461379",
            "CSAFPID-2461931",
            "CSAFPID-2461357",
            "CSAFPID-2461397",
            "CSAFPID-2461939",
            "CSAFPID-2461935",
            "CSAFPID-2461387"
          ]
        }
      ],
      "title": "CVE-2025-24056"
    },
    {
      "cve": "CVE-2025-24059",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Incorrect Conversion between Numeric Types",
          "title": "CWE-681"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24059",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24059.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2461968",
            "CSAFPID-1332109",
            "CSAFPID-2461392",
            "CSAFPID-2461386",
            "CSAFPID-2461385",
            "CSAFPID-2461401",
            "CSAFPID-2461384",
            "CSAFPID-2461383",
            "CSAFPID-2461382",
            "CSAFPID-2461402",
            "CSAFPID-2461403",
            "CSAFPID-2461390",
            "CSAFPID-2461398",
            "CSAFPID-2461391",
            "CSAFPID-2461940",
            "CSAFPID-2461941",
            "CSAFPID-2461928",
            "CSAFPID-2461932",
            "CSAFPID-2461934",
            "CSAFPID-2461381",
            "CSAFPID-2461393",
            "CSAFPID-2461400",
            "CSAFPID-2461380",
            "CSAFPID-2461937",
            "CSAFPID-2461394",
            "CSAFPID-2461396",
            "CSAFPID-2461938",
            "CSAFPID-2461933",
            "CSAFPID-2461936",
            "CSAFPID-2461967",
            "CSAFPID-2461946",
            "CSAFPID-2461947",
            "CSAFPID-2461948",
            "CSAFPID-2461944",
            "CSAFPID-2461945",
            "CSAFPID-2461395",
            "CSAFPID-2461949",
            "CSAFPID-2461950",
            "CSAFPID-2461399",
            "CSAFPID-2461951",
            "CSAFPID-2461952",
            "CSAFPID-2461389",
            "CSAFPID-2461942",
            "CSAFPID-2461943",
            "CSAFPID-2461388",
            "CSAFPID-2461929",
            "CSAFPID-2461930",
            "CSAFPID-2461379",
            "CSAFPID-2461931",
            "CSAFPID-2461357",
            "CSAFPID-2461397",
            "CSAFPID-2461939",
            "CSAFPID-2461935",
            "CSAFPID-2461387"
          ]
        }
      ],
      "title": "CVE-2025-24059"
    },
    {
      "cve": "CVE-2025-24061",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "other",
          "text": "Protection Mechanism Failure",
          "title": "CWE-693"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24061",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24061.json"
        }
      ],
      "title": "CVE-2025-24061"
    },
    {
      "cve": "CVE-2025-24066",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24066",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24066.json"
        }
      ],
      "title": "CVE-2025-24066"
    },
    {
      "cve": "CVE-2025-24067",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24067",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24067.json"
        }
      ],
      "title": "CVE-2025-24067"
    },
    {
      "cve": "CVE-2025-24071",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24071",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24071.json"
        }
      ],
      "title": "CVE-2025-24071"
    },
    {
      "cve": "CVE-2025-24072",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24072",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24072.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2461968",
            "CSAFPID-1332109",
            "CSAFPID-2461392",
            "CSAFPID-2461386",
            "CSAFPID-2461385",
            "CSAFPID-2461401",
            "CSAFPID-2461384",
            "CSAFPID-2461383",
            "CSAFPID-2461382",
            "CSAFPID-2461402",
            "CSAFPID-2461403",
            "CSAFPID-2461390",
            "CSAFPID-2461398",
            "CSAFPID-2461391",
            "CSAFPID-2461940",
            "CSAFPID-2461941",
            "CSAFPID-2461928",
            "CSAFPID-2461932",
            "CSAFPID-2461934",
            "CSAFPID-2461381",
            "CSAFPID-2461393",
            "CSAFPID-2461400",
            "CSAFPID-2461380",
            "CSAFPID-2461937",
            "CSAFPID-2461394",
            "CSAFPID-2461396",
            "CSAFPID-2461938",
            "CSAFPID-2461933",
            "CSAFPID-2461936",
            "CSAFPID-2461967",
            "CSAFPID-2461946",
            "CSAFPID-2461947",
            "CSAFPID-2461948",
            "CSAFPID-2461944",
            "CSAFPID-2461945",
            "CSAFPID-2461395",
            "CSAFPID-2461949",
            "CSAFPID-2461950",
            "CSAFPID-2461399",
            "CSAFPID-2461951",
            "CSAFPID-2461952",
            "CSAFPID-2461389",
            "CSAFPID-2461942",
            "CSAFPID-2461943",
            "CSAFPID-2461388",
            "CSAFPID-2461929",
            "CSAFPID-2461930",
            "CSAFPID-2461379",
            "CSAFPID-2461931",
            "CSAFPID-2461357",
            "CSAFPID-2461397",
            "CSAFPID-2461939",
            "CSAFPID-2461935",
            "CSAFPID-2461387"
          ]
        }
      ],
      "title": "CVE-2025-24072"
    },
    {
      "cve": "CVE-2025-24984",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information into Log File",
          "title": "CWE-532"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24984",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24984.json"
        }
      ],
      "title": "CVE-2025-24984"
    },
    {
      "cve": "CVE-2025-24985",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        },
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24985",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24985.json"
        }
      ],
      "title": "CVE-2025-24985"
    },
    {
      "cve": "CVE-2025-24991",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24991",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24991.json"
        }
      ],
      "title": "CVE-2025-24991"
    },
    {
      "cve": "CVE-2025-24992",
      "cwe": {
        "id": "CWE-126",
        "name": "Buffer Over-read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Over-read",
          "title": "CWE-126"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24992",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24992.json"
        }
      ],
      "title": "CVE-2025-24992"
    },
    {
      "cve": "CVE-2025-24993",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24993",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24993.json"
        }
      ],
      "title": "CVE-2025-24993"
    },
    {
      "cve": "CVE-2025-26633",
      "cwe": {
        "id": "CWE-707",
        "name": "Improper Neutralization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization",
          "title": "CWE-707"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-26633",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26633.json"
        }
      ],
      "title": "CVE-2025-26633"
    },
    {
      "cve": "CVE-2025-26645",
      "cwe": {
        "id": "CWE-23",
        "name": "Relative Path Traversal"
      },
      "notes": [
        {
          "category": "other",
          "text": "Relative Path Traversal",
          "title": "CWE-23"
        },
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-26645",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-26645.json"
        }
      ],
      "title": "CVE-2025-26645"
    },
    {
      "cve": "CVE-2025-24048",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24048",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24048.json"
        }
      ],
      "title": "CVE-2025-24048"
    },
    {
      "cve": "CVE-2025-24050",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24050",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24050.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2461968",
            "CSAFPID-1332109",
            "CSAFPID-2461392",
            "CSAFPID-2461386",
            "CSAFPID-2461385",
            "CSAFPID-2461401",
            "CSAFPID-2461384",
            "CSAFPID-2461383",
            "CSAFPID-2461382",
            "CSAFPID-2461402",
            "CSAFPID-2461403",
            "CSAFPID-2461390",
            "CSAFPID-2461398",
            "CSAFPID-2461391",
            "CSAFPID-2461940",
            "CSAFPID-2461941",
            "CSAFPID-2461928",
            "CSAFPID-2461932",
            "CSAFPID-2461934",
            "CSAFPID-2461381",
            "CSAFPID-2461393",
            "CSAFPID-2461400",
            "CSAFPID-2461380",
            "CSAFPID-2461937",
            "CSAFPID-2461394",
            "CSAFPID-2461396",
            "CSAFPID-2461938",
            "CSAFPID-2461933",
            "CSAFPID-2461936",
            "CSAFPID-2461967",
            "CSAFPID-2461946",
            "CSAFPID-2461947",
            "CSAFPID-2461948",
            "CSAFPID-2461944",
            "CSAFPID-2461945",
            "CSAFPID-2461395",
            "CSAFPID-2461949",
            "CSAFPID-2461950",
            "CSAFPID-2461399",
            "CSAFPID-2461951",
            "CSAFPID-2461952",
            "CSAFPID-2461389",
            "CSAFPID-2461942",
            "CSAFPID-2461943",
            "CSAFPID-2461388",
            "CSAFPID-2461929",
            "CSAFPID-2461930",
            "CSAFPID-2461379",
            "CSAFPID-2461931",
            "CSAFPID-2461357",
            "CSAFPID-2461397",
            "CSAFPID-2461939",
            "CSAFPID-2461935",
            "CSAFPID-2461387"
          ]
        }
      ],
      "title": "CVE-2025-24050"
    },
    {
      "cve": "CVE-2025-25008",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
          "title": "CWE-59"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-25008",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-25008.json"
        }
      ],
      "title": "CVE-2025-25008"
    },
    {
      "cve": "CVE-2025-24045",
      "cwe": {
        "id": "CWE-591",
        "name": "Sensitive Data Storage in Improperly Locked Memory"
      },
      "notes": [
        {
          "category": "other",
          "text": "Sensitive Data Storage in Improperly Locked Memory",
          "title": "CWE-591"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24045",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24045.json"
        }
      ],
      "title": "CVE-2025-24045"
    },
    {
      "cve": "CVE-2025-24064",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24064",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24064.json"
        }
      ],
      "title": "CVE-2025-24064"
    },
    {
      "cve": "CVE-2025-24997",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24997",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24997.json"
        }
      ],
      "title": "CVE-2025-24997"
    },
    {
      "cve": "CVE-2025-24084",
      "cwe": {
        "id": "CWE-822",
        "name": "Untrusted Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24084",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24084.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2461968",
            "CSAFPID-1332109",
            "CSAFPID-2461392",
            "CSAFPID-2461386",
            "CSAFPID-2461385",
            "CSAFPID-2461401",
            "CSAFPID-2461384",
            "CSAFPID-2461383",
            "CSAFPID-2461382",
            "CSAFPID-2461402",
            "CSAFPID-2461403",
            "CSAFPID-2461390",
            "CSAFPID-2461398",
            "CSAFPID-2461391",
            "CSAFPID-2461940",
            "CSAFPID-2461941",
            "CSAFPID-2461928",
            "CSAFPID-2461932",
            "CSAFPID-2461934",
            "CSAFPID-2461381",
            "CSAFPID-2461393",
            "CSAFPID-2461400",
            "CSAFPID-2461380",
            "CSAFPID-2461937",
            "CSAFPID-2461394",
            "CSAFPID-2461396",
            "CSAFPID-2461938",
            "CSAFPID-2461933",
            "CSAFPID-2461936",
            "CSAFPID-2461967",
            "CSAFPID-2461946",
            "CSAFPID-2461947",
            "CSAFPID-2461948",
            "CSAFPID-2461944",
            "CSAFPID-2461945",
            "CSAFPID-2461395",
            "CSAFPID-2461949",
            "CSAFPID-2461950",
            "CSAFPID-2461399",
            "CSAFPID-2461951",
            "CSAFPID-2461952",
            "CSAFPID-2461389",
            "CSAFPID-2461942",
            "CSAFPID-2461943",
            "CSAFPID-2461388",
            "CSAFPID-2461929",
            "CSAFPID-2461930",
            "CSAFPID-2461379",
            "CSAFPID-2461931",
            "CSAFPID-2461357",
            "CSAFPID-2461397",
            "CSAFPID-2461939",
            "CSAFPID-2461935",
            "CSAFPID-2461387"
          ]
        }
      ],
      "title": "CVE-2025-24084"
    },
    {
      "cve": "CVE-2025-24076",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24076",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24076.json"
        }
      ],
      "title": "CVE-2025-24076"
    },
    {
      "cve": "CVE-2025-24994",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24994",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24994.json"
        }
      ],
      "title": "CVE-2025-24994"
    },
    {
      "cve": "CVE-2025-24983",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2461968",
          "CSAFPID-1332109",
          "CSAFPID-2461392",
          "CSAFPID-2461386",
          "CSAFPID-2461385",
          "CSAFPID-2461401",
          "CSAFPID-2461384",
          "CSAFPID-2461383",
          "CSAFPID-2461382",
          "CSAFPID-2461402",
          "CSAFPID-2461403",
          "CSAFPID-2461390",
          "CSAFPID-2461398",
          "CSAFPID-2461391",
          "CSAFPID-2461940",
          "CSAFPID-2461941",
          "CSAFPID-2461928",
          "CSAFPID-2461932",
          "CSAFPID-2461934",
          "CSAFPID-2461381",
          "CSAFPID-2461393",
          "CSAFPID-2461400",
          "CSAFPID-2461380",
          "CSAFPID-2461937",
          "CSAFPID-2461394",
          "CSAFPID-2461396",
          "CSAFPID-2461938",
          "CSAFPID-2461933",
          "CSAFPID-2461936",
          "CSAFPID-2461967",
          "CSAFPID-2461946",
          "CSAFPID-2461947",
          "CSAFPID-2461948",
          "CSAFPID-2461944",
          "CSAFPID-2461945",
          "CSAFPID-2461395",
          "CSAFPID-2461949",
          "CSAFPID-2461950",
          "CSAFPID-2461399",
          "CSAFPID-2461951",
          "CSAFPID-2461952",
          "CSAFPID-2461389",
          "CSAFPID-2461942",
          "CSAFPID-2461943",
          "CSAFPID-2461388",
          "CSAFPID-2461929",
          "CSAFPID-2461930",
          "CSAFPID-2461379",
          "CSAFPID-2461931",
          "CSAFPID-2461357",
          "CSAFPID-2461397",
          "CSAFPID-2461939",
          "CSAFPID-2461935",
          "CSAFPID-2461387"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-24983",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24983.json"
        }
      ],
      "title": "CVE-2025-24983"
    }
  ]
}

WID-SEC-W-2025-0537

Vulnerability from csaf_certbund - Published: 2025-03-11 23:00 - Updated: 2025-06-10 22:00

Summary

Microsoft Windows/Windows Server: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Windows ist ein Betriebssystem von Microsoft. Windows Server 2016 ist ein Betriebssystem von Microsoft. Windows Server 2019 ist ein Betriebssystem von Microsoft.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows 10, Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows, Microsoft Windows Server 2022 und Microsoft Windows 11 ausnutzen, um beliebigen Programmcode auszuführen, seine Rechte zu erweitern, zu spoofen, Sicherheitsmaßnahmen zu umgehen, Informationen offenzulegen oder einen Denial of Service auszulösen .

Betroffene Betriebssysteme: - Windows

CVE-2024-9157

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-21180

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-21247

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24035

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24044

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24045

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24046

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24048

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24050

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24051

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24054

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24055

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24056

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24059

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24061

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24064

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24066

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24067

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24071

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24072

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24076

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24084

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24983

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24984

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24985

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24987

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24988

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24991

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24992

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24993

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24994

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24995

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24996

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-24997

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-25008

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-26633

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

CVE-2025-26645

Affected products

Known affected 7 products

Product	Identifier	Version
Microsoft Windows Server 2012 <6.2.9200.25368 Microsoft / Windows Server 2012		<6.2.9200.25368
Hitachi Virtual Storage Platform Hitachi	`cpe:/h:hitachi:virtual_storage_platform:-`	—
Microsoft Windows Server 2022 <10.0.20348.3270 Microsoft / Windows Server 2022		<10.0.20348.3270
Microsoft Windows Server 2019 <10.0.17763.7009 Microsoft / Windows Server 2019		<10.0.17763.7009
Microsoft Windows Server 2016 <10.0.14393.7876 Microsoft / Windows Server 2016		<10.0.14393.7876
Microsoft Windows 10 <10.0.10240.20947 Microsoft / Windows 10		<10.0.10240.20947
Microsoft Windows Server 2012 R2 <6.3.9600.22470 Microsoft / Windows Server 2012 R2		<6.3.9600.22470

References

5 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide/	external
https://github.com/0x6rss/CVE-2025-24071_PoC	external
https://www.hitachi.com/products/it/storage-solut…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Windows ist ein Betriebssystem von Microsoft.\r\nWindows Server 2016 ist ein Betriebssystem von Microsoft.\r\nWindows Server 2019 ist ein Betriebssystem von Microsoft.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft Windows Server, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows 10, Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows, Microsoft Windows Server 2022 und Microsoft Windows 11 ausnutzen, um beliebigen Programmcode auszuf\u00fchren, seine Rechte zu erweitern, zu spoofen, Sicherheitsma\u00dfnahmen zu umgehen, Informationen offenzulegen oder einen Denial of Service auszul\u00f6sen .",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0537 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0537.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0537 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0537"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
        "url": "https://msrc.microsoft.com/update-guide/"
      },
      {
        "category": "external",
        "summary": "CVE-2025-24071 PoC vom 2025-03-19",
        "url": "https://github.com/0x6rss/CVE-2025-24071_PoC"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2025-304 vom 2025-06-10",
        "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2025/04.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Windows/Windows Server: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-10T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-11T06:28:06.472+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0537",
      "initial_release_date": "2025-03-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-03-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-03-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Anpassung Titel"
        },
        {
          "date": "2025-03-19T23:00:00.000+00:00",
          "number": "3",
          "summary": "PoC f\u00fcr CVE-2025-24071 aufgenommen"
        },
        {
          "date": "2025-06-10T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von HITACHI aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Hitachi Virtual Storage Platform",
            "product": {
              "name": "Hitachi Virtual Storage Platform",
              "product_id": "T011055",
              "product_identification_helper": {
                "cpe": "cpe:/h:hitachi:virtual_storage_platform:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "App Client for Desktop",
                "product": {
                  "name": "Microsoft Windows App Client for Desktop",
                  "product_id": "T021063",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows:update_assistant"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Remote Desktop client for Desktop",
                "product": {
                  "name": "Microsoft Windows Remote Desktop client for Desktop",
                  "product_id": "T038109",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows:remote_desktop_client_for_desktop"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Version 1607",
                "product": {
                  "name": "Microsoft Windows 10 Version 1607",
                  "product_id": "T041079",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_10:version_1607"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Version 1809",
                "product": {
                  "name": "Microsoft Windows 10 Version 1809",
                  "product_id": "T041080",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_10:version_1809"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Version 21H2",
                "product": {
                  "name": "Microsoft Windows 10 Version 21H2",
                  "product_id": "T041083",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_10:version_21h2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Version 22H2",
                "product": {
                  "name": "Microsoft Windows 10 Version 22H2",
                  "product_id": "T041085",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_10:version_22h2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.10240.20947",
                "product": {
                  "name": "Microsoft Windows 10 \u003c10.0.10240.20947",
                  "product_id": "T041761"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.10240.20947",
                "product": {
                  "name": "Microsoft Windows 10 10.0.10240.20947",
                  "product_id": "T041761-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_10:10.0.10240.20947"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 10"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Version 22H2",
                "product": {
                  "name": "Microsoft Windows 11 Version 22H2",
                  "product_id": "T041084",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_11:version_22h2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Version 23H2",
                "product": {
                  "name": "Microsoft Windows 11 Version 23H2",
                  "product_id": "T041086",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_11:version_23h2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Version 24H2",
                "product": {
                  "name": "Microsoft Windows 11 Version 24H2",
                  "product_id": "T041088",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_11:version_24h2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2008 R2 SP1",
                "product": {
                  "name": "Microsoft Windows Server 2008 R2 SP1",
                  "product_id": "T041073",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server:2008_r2_sp1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2008 SP2",
                "product": {
                  "name": "Microsoft Windows Server 2008 SP2",
                  "product_id": "T041074",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server:2008_sp2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2025",
                "product": {
                  "name": "Microsoft Windows Server 2025",
                  "product_id": "T041089",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server:2025"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.2.9200.25368",
                "product": {
                  "name": "Microsoft Windows Server 2012 \u003c6.2.9200.25368",
                  "product_id": "T041758"
                }
              },
              {
                "category": "product_version",
                "name": "6.2.9200.25368",
                "product": {
                  "name": "Microsoft Windows Server 2012 6.2.9200.25368",
                  "product_id": "T041758-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2012:6.2.9200.25368"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.3.9600.22470",
                "product": {
                  "name": "Microsoft Windows Server 2012 R2 \u003c6.3.9600.22470",
                  "product_id": "T041760"
                }
              },
              {
                "category": "product_version",
                "name": "6.3.9600.22470",
                "product": {
                  "name": "Microsoft Windows Server 2012 R2 6.3.9600.22470",
                  "product_id": "T041760-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2012_r2:6.3.9600.22470"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2012 R2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.0.14393.7876",
                "product": {
                  "name": "Microsoft Windows Server 2016 \u003c10.0.14393.7876",
                  "product_id": "T041762"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.14393.7876",
                "product": {
                  "name": "Microsoft Windows Server 2016 10.0.14393.7876",
                  "product_id": "T041762-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2016:10.0.14393.7876"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.0.17763.7009",
                "product": {
                  "name": "Microsoft Windows Server 2019 \u003c10.0.17763.7009",
                  "product_id": "T041763"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.17763.7009",
                "product": {
                  "name": "Microsoft Windows Server 2019 10.0.17763.7009",
                  "product_id": "T041763-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2019:10.0.17763.7009"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2019"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "23H2 Edition",
                "product": {
                  "name": "Microsoft Windows Server 2022 23H2 Edition",
                  "product_id": "T041087",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2022:23h2_edition"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.20348.3270",
                "product": {
                  "name": "Microsoft Windows Server 2022 \u003c10.0.20348.3270",
                  "product_id": "T041764"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.20348.3270",
                "product": {
                  "name": "Microsoft Windows Server 2022 10.0.20348.3270",
                  "product_id": "T041764-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:windows_server_2022:10.0.20348.3270"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2022"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-9157",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2024-9157"
    },
    {
      "cve": "CVE-2025-21180",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-21180"
    },
    {
      "cve": "CVE-2025-21247",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-21247"
    },
    {
      "cve": "CVE-2025-24035",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24035"
    },
    {
      "cve": "CVE-2025-24044",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24044"
    },
    {
      "cve": "CVE-2025-24045",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24045"
    },
    {
      "cve": "CVE-2025-24046",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24046"
    },
    {
      "cve": "CVE-2025-24048",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24048"
    },
    {
      "cve": "CVE-2025-24050",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24050"
    },
    {
      "cve": "CVE-2025-24051",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24051"
    },
    {
      "cve": "CVE-2025-24054",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24054"
    },
    {
      "cve": "CVE-2025-24055",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24055"
    },
    {
      "cve": "CVE-2025-24056",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24056"
    },
    {
      "cve": "CVE-2025-24059",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24059"
    },
    {
      "cve": "CVE-2025-24061",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24061"
    },
    {
      "cve": "CVE-2025-24064",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24064"
    },
    {
      "cve": "CVE-2025-24066",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24066"
    },
    {
      "cve": "CVE-2025-24067",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24067"
    },
    {
      "cve": "CVE-2025-24071",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24071"
    },
    {
      "cve": "CVE-2025-24072",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24072"
    },
    {
      "cve": "CVE-2025-24076",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24076"
    },
    {
      "cve": "CVE-2025-24084",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24084"
    },
    {
      "cve": "CVE-2025-24983",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24983"
    },
    {
      "cve": "CVE-2025-24984",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24984"
    },
    {
      "cve": "CVE-2025-24985",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24985"
    },
    {
      "cve": "CVE-2025-24987",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24987"
    },
    {
      "cve": "CVE-2025-24988",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24988"
    },
    {
      "cve": "CVE-2025-24991",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24991"
    },
    {
      "cve": "CVE-2025-24992",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24992"
    },
    {
      "cve": "CVE-2025-24993",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24993"
    },
    {
      "cve": "CVE-2025-24994",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24994"
    },
    {
      "cve": "CVE-2025-24995",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24995"
    },
    {
      "cve": "CVE-2025-24996",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24996"
    },
    {
      "cve": "CVE-2025-24997",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-24997"
    },
    {
      "cve": "CVE-2025-25008",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-25008"
    },
    {
      "cve": "CVE-2025-26633",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-26633"
    },
    {
      "cve": "CVE-2025-26645",
      "product_status": {
        "known_affected": [
          "T041758",
          "T011055",
          "T041764",
          "T041763",
          "T041762",
          "T041761",
          "T041760"
        ]
      },
      "release_date": "2025-03-11T23:00:00.000+00:00",
      "title": "CVE-2025-26645"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Product	Identifier	Version	Remediation
vers:unknown/1.2.0.0\|<1.2.6017.0 Microsoft / Remote Desktop client for Windows Desktop		vers:unknown/1.2.0.0\|<1.2.6017.0
vers:unknown/unknown Microsoft / Windows		vers:unknown/unknown
vers:microsoft/10.0.10240.20947 x64 Microsoft / Microsoft / Windows 10 1507		vers:microsoft/10.0.10240.20947 x64
vers:microsoft/10.0.10240.20947 x86 Microsoft / Microsoft / Windows 10 1507		vers:microsoft/10.0.10240.20947 x86
vers:microsoft/10.0.14393.7876 x64 Microsoft / Microsoft / Windows 10 1607		vers:microsoft/10.0.14393.7876 x64
vers:microsoft/10.0.14393.7876 x86 Microsoft / Microsoft / Windows 10 1607		vers:microsoft/10.0.14393.7876 x86
vers:microsoft/10.0.17763.7009 x64 Microsoft / Microsoft / Windows 10 1809		vers:microsoft/10.0.17763.7009 x64
vers:microsoft/10.0.17763.7009 x86 Microsoft / Microsoft / Windows 10 1809		vers:microsoft/10.0.17763.7009 x86
vers:microsoft/10.0.19044.5608 arm Microsoft / Microsoft / Windows 10 21h2		vers:microsoft/10.0.19044.5608 arm
vers:microsoft/10.0.19044.5608 x64 Microsoft / Microsoft / Windows 10 21h2		vers:microsoft/10.0.19044.5608 x64
vers:microsoft/10.0.19044.5608 x86 Microsoft / Microsoft / Windows 10 21h2		vers:microsoft/10.0.19044.5608 x86
vers:microsoft/10.0.19045.5608 arm Microsoft / Microsoft / Windows 10 22h2		vers:microsoft/10.0.19045.5608 arm
vers:microsoft/10.0.19045.5608 x64 Microsoft / Microsoft / Windows 10 22h2		vers:microsoft/10.0.19045.5608 x64
vers:microsoft/10.0.19045.5608 x86 Microsoft / Microsoft / Windows 10 22h2		vers:microsoft/10.0.19045.5608 x86
vers:unknown/10.0.10240.0\|<10.0.10240.20947 Microsoft / Windows 10 Version 1507		vers:unknown/10.0.10240.0\|<10.0.10240.20947
vers:unknown/10.0.14393.0\|<10.0.14393.7876 Microsoft / Windows 10 Version 1607		vers:unknown/10.0.14393.0\|<10.0.14393.7876
vers:unknown/10.0.17763.0\|<10.0.17763.7009 Microsoft / Windows 10 Version 1809		vers:unknown/10.0.17763.0\|<10.0.17763.7009
vers:unknown/10.0.19043.0\|<10.0.19044.5608 Microsoft / Windows 10 Version 21H2		vers:unknown/10.0.19043.0\|<10.0.19044.5608
vers:unknown/10.0.19045.0\|<10.0.19045.5608 Microsoft / Windows 10 Version 22H2		vers:unknown/10.0.19045.0\|<10.0.19045.5608
vers:microsoft/10.0.22621.5039 arm Microsoft / Microsoft / Windows 11 22H2		vers:microsoft/10.0.22621.5039 arm
vers:microsoft/10.0.22621.5039 x64 Microsoft / Microsoft / Windows 11 22H2		vers:microsoft/10.0.22621.5039 x64
vers:microsoft/10.0.22631.5039 arm Microsoft / Microsoft / Windows 11 23H2		vers:microsoft/10.0.22631.5039 arm
vers:microsoft/10.0.22631.5039 x64 Microsoft / Microsoft / Windows 11 23H2		vers:microsoft/10.0.22631.5039 x64
vers:unknown/10.0.22631.0\|<10.0.22631.5039 Microsoft / Windows 11 Version 23H2		vers:unknown/10.0.22631.0\|<10.0.22631.5039
vers:microsoft/10.0.26100.3476 arm Microsoft / Microsoft / Windows 11 Version 24H2		vers:microsoft/10.0.26100.3476 arm
vers:microsoft/10.0.26100.3476 x64 Microsoft / Microsoft / Windows 11 Version 24H2		vers:microsoft/10.0.26100.3476 x64
vers:unknown/10.0.26100.0\|<10.0.26100.3476 Microsoft / Windows 11 Version 24H2		vers:unknown/10.0.26100.0\|<10.0.26100.3476
vers:unknown/10.0.22621.0\|<10.0.22621.5039 Microsoft / Windows 11 version 22H2		vers:unknown/10.0.22621.0\|<10.0.22621.5039
vers:unknown/10.0.22631.0\|<10.0.22631.5039 Microsoft / Windows 11 version 22H3		vers:unknown/10.0.22631.0\|<10.0.22631.5039
vers:unknown/1.00\|<2.0.365.0 Microsoft / Windows App Client for Windows Desktop		vers:unknown/1.00\|<2.0.365.0
vers:unknown/6.0.6003.0\|<6.0.6003.23168 Microsoft / Windows Server 2008 Service Pack 2		vers:unknown/6.0.6003.0\|<6.0.6003.23168
vers:unknown/6.1.7601.0\|<6.1.7601.27618 Microsoft / Windows Server 2008 R2 Service Pack 1		vers:unknown/6.1.7601.0\|<6.1.7601.27618
vers:unknown/6.1.7601.0\|<6.1.7601.27618 Microsoft / Windows Server 2008 R2 Service Pack 1 (Server Core installation)		vers:unknown/6.1.7601.0\|<6.1.7601.27618
vers:unknown/6.0.6003.0\|<6.0.6003.23168 Microsoft / Windows Server 2008 Service Pack 2		vers:unknown/6.0.6003.0\|<6.0.6003.23168
vers:unknown/6.0.6003.0\|<6.0.6003.23168 Microsoft / Windows Server 2008 Service Pack 2 (Server Core installation)		vers:unknown/6.0.6003.0\|<6.0.6003.23168
vers:microsoft/6.2.9200.25368 x64 Microsoft / Microsoft / Windows Server 2012		vers:microsoft/6.2.9200.25368 x64
vers:unknown/6.2.9200.0\|<6.2.9200.25368 Microsoft / Windows Server 2012		vers:unknown/6.2.9200.0\|<6.2.9200.25368
vers:unknown/6.2.9200.0\|<6.2.9200.25368 Microsoft / Windows Server 2012 (Server Core installation)		vers:unknown/6.2.9200.0\|<6.2.9200.25368
vers:microsoft/6.3.9600.22470 x64 Microsoft / Microsoft / Windows Server 2012 R2		vers:microsoft/6.3.9600.22470 x64
vers:unknown/6.3.9600.0\|<6.3.9600.22470 Microsoft / Windows Server 2012 R2		vers:unknown/6.3.9600.0\|<6.3.9600.22470
vers:unknown/6.3.9600.0\|<6.3.9600.22470 Microsoft / Windows Server 2012 R2 (Server Core installation)		vers:unknown/6.3.9600.0\|<6.3.9600.22470
vers:microsoft/10.0.14393.7876 x64 Microsoft / Microsoft / Windows Server 2016		vers:microsoft/10.0.14393.7876 x64
vers:unknown/10.0.14393.0\|<10.0.14393.7876 Microsoft / Windows Server 2016		vers:unknown/10.0.14393.0\|<10.0.14393.7876
vers:unknown/10.0.14393.0\|<10.0.14393.7876 Microsoft / Windows Server 2016 (Server Core installation)		vers:unknown/10.0.14393.0\|<10.0.14393.7876
vers:microsoft/10.0.17763.7009 x64 Microsoft / Microsoft / Windows Server 2019		vers:microsoft/10.0.17763.7009 x64
vers:unknown/10.0.17763.0\|<10.0.17763.7009 Microsoft / Windows Server 2019		vers:unknown/10.0.17763.0\|<10.0.17763.7009
vers:unknown/10.0.17763.0\|<10.0.17763.7009 Microsoft / Windows Server 2019 (Server Core installation)		vers:unknown/10.0.17763.0\|<10.0.17763.7009
vers:microsoft/10.0.20348.3328 x64 Microsoft / Microsoft / Windows Server 2022		vers:microsoft/10.0.20348.3328 x64
vers:unknown/10.0.20348.0\|<10.0.20348.3328 Microsoft / Windows Server 2022		vers:unknown/10.0.20348.0\|<10.0.20348.3328
vers:unknown/10.0.25398.0\|<10.0.25398.1486 Microsoft / Windows Server 2022, 23H2 Edition (Server Core installation)		vers:unknown/10.0.25398.0\|<10.0.25398.1486
vers:microsoft/10.0.26100.3476 x64 Microsoft / Microsoft / Windows Server 2025		vers:microsoft/10.0.26100.3476 x64
vers:unknown/10.0.26100.0\|<10.0.26100.3476 Microsoft / Windows Server 2025		vers:unknown/10.0.26100.0\|<10.0.26100.3476
vers:unknown/10.0.26100.0\|<10.0.26100.3476 Microsoft / Windows Server 2025 (Server Core installation)		vers:unknown/10.0.26100.0\|<10.0.26100.3476
vers:microsoft/10.0.25398.1486 x64 Microsoft / Microsoft / Windows Server 23H2		vers:microsoft/10.0.25398.1486 x64

Action not permitted

CVE-2025-24084 (GCVE-0-2025-24084)

BDU:2025-02710

CERTFR-2025-AVI-0193

Solutions

FKIE_CVE-2025-24084

GHSA-JFX8-97FX-6VFQ

MSRC_CVE-2025-24084

NCSC-2025-0078

WID-SEC-W-2025-0537

Tags

Sightings

Nomenclature