Security Vulnerabilities - CVEs Published In April 2025
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
CVSS Score
6.5
EPSS Score
0.024
Published
2025-04-08
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVSS Score
6.5
EPSS Score
0.023
Published
2025-04-08
Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.073
Published
2025-04-08
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.011
Published
2025-04-08
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.011
Published
2025-04-08
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.011
Published
2025-04-08
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.359
Published
2025-04-08
Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.002
Published
2025-04-08
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.
CVSS Score
2.8
EPSS Score
0.001
Published
2025-04-08
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-04-08