CVE-2025-26677

EPSS 14.06%
Veröffentlicht 13.05.2025 16:58:54
Zuletzt bearbeitet 19.05.2025 18:23:01
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows Server 2016 Version < 10.0.14393.8066

Microsoft ≫ Windows Server 2019 Version < 10.0.17763.7314

Microsoft ≫ Windows Server 2022 Version < 10.0.20348.3692

Microsoft ≫ Windows Server 2022 23h2 Version < 10.0.25398.1611

Microsoft ≫ Windows Server 2025 Version < 10.0.26100.4061

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	14.06%	0.941

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26677

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-26677

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-26677

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-26677

EUVD