Multiple vulnerabilities in Microsoft Windows Digital Media
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2025-21260 CVE-2025-21265 CVE-2025-21263 CVE-2025-21229 CVE-2025-21324 CVE-2025-21341 CVE-2025-21261 CVE-2025-21327 CVE-2025-21258 CVE-2025-21310 CVE-2025-21232 CVE-2025-21226 CVE-2025-21255 CVE-2025-21227 CVE-2025-21228 CVE-2025-21256 CVE-2025-21249 |
| CWE-ID | CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU102637
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21260
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21260
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU102656
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21265
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21265
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU102655
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21263
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21263
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU102654
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21229
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2012 Gold - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21229
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU102653
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21324
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21324
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU102652
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21341
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21341
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU102651
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21261
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21261
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU102650
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21327
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21327
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU102648
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21258
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21258
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU102647
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21310
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21310
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU102646
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21232
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21232
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU102643
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21226
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21226
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU102642
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21255
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21255
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU102641
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21227
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21227
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU102640
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21228
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21228
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU102639
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21256
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21256
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU102638
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21249
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition in Windows Digital Media. An authenticated attacker with physical access can plug in a malicious USB drive, trigger an out-of-bounds read error and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.2894
Windows Server: 2008 R2 SP1 - 2025 10.0.26100.2605
CPE2.3- cpe:2.3:o:microsoft:windows:10_21H2:10.0.19044.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_22H2:10.0.19045.5247:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1507:10.0.10240.20857:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7606:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.6659:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.4602:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.2894:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:6.0.6003.23016:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:6.2.9200.25222:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.7699:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1308:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.2605:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-21249
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
