CVE-2025-32701 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microsoft	CNA	7.8 HIGH				CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Vendor	Product	Version
microsoft	windows_10_1507	𝑥 < 10.0.10240.21014
microsoft	windows_10_1607	𝑥 < 10.0.14393.8066
microsoft	windows_10_1809	𝑥 < 10.0.17763.7314
microsoft	windows_10_1809	𝑥 < 10.0.17763.7314
microsoft	windows_10_21h2	𝑥 < 10.0.19044.5854
microsoft	windows_10_22h2	𝑥 < 10.0.19045.5854
microsoft	windows_11_22h2	𝑥 < 10.0.22621.5335
microsoft	windows_11_23h2	𝑥 < 10.0.22631.5335
microsoft	windows_11_24h2	𝑥 < 10.0.26100.4061
microsoft	windows_server_2008	-
microsoft	windows_server_2012	-
microsoft	windows_server_2016	𝑥 < 10.0.14393.8066
microsoft	windows_server_2019	𝑥 < 10.0.17763.7314
microsoft	windows_server_2022	𝑥 < 10.0.20348.3692
microsoft	windows_server_2022_23h2	𝑥 < 10.0.25398.1611
microsoft	windows_server_2025	𝑥 < 10.0.26100.4061

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Media Exposure

[GERMAN] Patchday: Angreifer attackieren Windows über fünf Sicherheitslücken
Microsoft hat wichtige Sicherheitsupdates für unter anderem Azure, Office und Windows veröffentlicht. Angreifer nutzen bereits Schwachstellen aus.
Published: 2025-05-14T07:05:00+00:00
[ENGLISH] Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them
Published: 2025-05-14T13:44:00+05:30
[ENGLISH] ⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More
Cybersecurity leaders aren’t just dealing with attacks—they’re also protecting trust, keeping systems running, and maintaining their organization’s reputation. This week’s developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow.  Just fixing problems isn’t enough anymore—resilience needs to be built into everything from the ground up.
Published: 2025-05-19T15:30:00+05:30

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32701