8.1
CVE-2025-29828
- EPSS 1.11%
- Veröffentlicht 10.06.2025 17:02:06
- Zuletzt bearbeitet 10.07.2025 13:50:16
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Windows Schannel Remote Code Execution Vulnerability
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 11 22h2 Version < 10.0.22621.5472
Microsoft ≫ Windows 11 23h2 Version < 10.0.22631.5472
Microsoft ≫ Windows 11 24h2 Version < 10.0.26100.4270
Microsoft ≫ Windows Server 2022 Version < 10.0.20348.3745
Microsoft ≫ Windows Server 2022 23h2 Version < 10.0.25398.1665
Microsoft ≫ Windows Server 2025 Version < 10.0.26100.4270
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.11% | 0.617 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29828