CVE-2025-55332
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55326
Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.
CVE-2025-53150
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-50175
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-49708
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
CVE-2025-48813
Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.
CVE-2025-55236
Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.
CVE-2025-55224
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2025-55223
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-54919
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2025-54115
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-54092
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-53807
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-53721
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVE-2025-53716
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.
CVE-2025-53151
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-53131
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-50172
Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.
CVE-2025-50170
Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-49733
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.