8.1
CVE-2025-49735
- EPSS 0.17%
- Published 08.07.2025 16:57:25
- Last modified 10.07.2025 13:18:53
- Source secure@microsoft.com
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor | Product | Version | Version < | Status |
---|---|---|---|---|
Microsoft | Windows Server 2019 | 10.0.17763.0 | 10.0.17763.7434 | affected |
Microsoft | Windows Server 2019 (Server Core installation) | 10.0.17763.0 | 10.0.17763.7434 | affected |
Microsoft | Windows Server 2022 | 10.0.20348.0 | 10.0.20348.3807 | affected |
Microsoft | Windows Server 2025 (Server Core installation) | 10.0.26100.0 | 10.0.26200.4349 | affected |
Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) | 10.0.25398.0 | 10.0.25398.1665 | affected |
Microsoft | Windows Server 2025 | 10.0.26100.0 | 10.0.26200.4349 | affected |
Microsoft | Windows Server 2016 | 10.0.14393.0 | 10.0.14393.8148 | affected |
Microsoft | Windows Server 2016 (Server Core installation) | 10.0.14393.0 | 10.0.14393.8148 | affected |
Microsoft | Windows Server 2012 | 6.2.9200.0 | 6.2.9200.25522 | affected |
Microsoft | Windows Server 2012 (Server Core installation) | 6.2.9200.0 | 6.2.9200.25522 | affected |
Microsoft | Windows Server 2012 R2 | 6.3.9600.0 | 6.3.9600.22620 | affected |
Microsoft | Windows Server 2012 R2 (Server Core installation) | 6.3.9600.0 | 6.3.9600.22620 | affected |

No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.17% | 0.385 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
secure@microsoft.com | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.