Security Vulnerabilities - CVEs Published In September 2025
Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.
CVSS Score
4.8
EPSS Score
0.002
Published
2025-09-09
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-09-09
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
CVSS Score
6.7
EPSS Score
0.003
Published
2025-09-09
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-09
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-09
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-09
Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.
CVSS Score
6.5
EPSS Score
0.004
Published
2025-09-09
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
CVSS Score
6.7
EPSS Score
0.003
Published
2025-09-09
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-09-09
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-09-09