Analyst command view

MSRC Driver CVE Board

Latest-state board for filtered MSRC CVEs from 2020-01-01 to today, tuned for fast triage across module, CWE, release window, exploitation signal, and acknowledgement context.

Live snapshot

Last Sync

2026-05-20T07:39:30Z

Freshness

1 day(s) ago

Refresh Policy

24h baseline + release watch

Storage

Latest snapshot only

Rows In View

4933

Current result set after filter and search.

Exploited Flagged

4189

Rows with a non-empty exploitation signal.

Distinct CWE

162

Unique weakness classes in this view.

Modules

1528

Unique inferred driver or component labels.

Module

CWE

Rows

Sort

Actions

Reset

Top CWE

162 classes

Unspecified2109 CWE-416: Use After Free443 CWE-122: Heap-based Buffer Overflow354 CWE-125: Out-of-bounds Read269 CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')147 CWE-20: Improper Input Validation142 CWE-190: Integer Overflow or Wraparound127 CWE-476: NULL Pointer Dereference126

Top Modules

1528 modules

Windows Kernel220 Windows Routing and Remote Access Service (RRAS)111 Windows Hyper-V101 Win32k100 Windows Graphics Component89 Windows Print Spooler69 Remote Procedure Call Runtime67 Microsoft Message Queuing (MSMQ)63

Release Month

December 2025

32 CVE | last update 1 day(s) ago

Release 2025-12-09 Patch Tuesday Count 31

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2025-62221	Windows Cloud Files Mini Filter Driver Exploitation Detected	CWE-416: Use After Free	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	Yes	Reported By Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC)
CVE-2025-62569	Microsoft Brokering File System Exploitation Less Likely	CWE-416: Use After Free	Microsoft Brokering File System Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By hazard
CVE-2025-62573	DirectX Graphics Kernel Exploitation Less Likely	CWE-416: Use After Free CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	DirectX Graphics Kernel Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By cyanbamboo and b2ahex
CVE-2025-64661	Windows Shell Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows Shell Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Anonymous
CVE-2025-64658	Windows File Explorer Exploitation Less Likely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Windows File Explorer Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Taeω02 Anonymous
CVE-2025-62469	Microsoft Brokering File System Exploitation Unlikely	CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-415: Double Free	Microsoft Brokering File System Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By hazard
CVE-2025-59516	Windows Storage VSP Driver Exploitation More Likely	CWE-306: Missing Authentication for Critical Function CWE-73: External Control of File Name or Path	Windows Storage VSP Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Angelboy (@scwuaptx) with DEVCORE
CVE-2025-64673	Windows Storage VSP Driver Exploitation Less Likely	CWE-284: Improper Access Control	Windows Storage VSP Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Angelboy (@scwuaptx) with DEVCORE
CVE-2025-59517	Windows Storage VSP Driver Exploitation More Likely	CWE-284: Improper Access Control	Windows Storage VSP Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Ezrak1e Angelboy (@scwuaptx) with DEVCORE
CVE-2025-62474	Windows Remote Access Connection Manager Exploitation Less Likely	CWE-284: Improper Access Control	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC)
CVE-2025-62570	Windows Camera Frame Server Monitor Exploitation Less Likely	CWE-284: Improper Access Control	Windows Camera Frame Server Monitor Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C	2025-12-09	No	Reported By Francisco José Carot Ripollés (RipFran) with KPMG Spain
CVE-2025-64669	Windows Admin Center Exploitation Less Likely	CWE-284: Improper Access Control	Windows Admin Center Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Andrea Pierini with Semperis Ilan Kalendarov with Cymulate Elad Beber with Cymulate Ben Zamir with Cymulate
CVE-2025-62571	Windows Installer Exploitation Less Likely	CWE-20: Improper Input Validation	Windows Installer Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By JaGoTu with DCIT, a.s.
CVE-2025-62455	Microsoft Message Queuing (MSMQ) Exploitation Less Likely	CWE-20: Improper Input Validation	Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By T0
CVE-2025-64670	Windows DirectX Exploitation Less Likely	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	Windows DirectX Information Disclosure Vulnerability CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2025-12-09	No	Reported By cyanbamboo and b2ahex
CVE-2025-62567	Windows Hyper-V Exploitation Unlikely	CWE-191: Integer Underflow (Wrap or Wraparound)	Windows Hyper-V Denial of Service Vulnerability CVSS vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Mitchell Turner with Prelude Research https://x.com/33y0re Connor McGarr with https://www.preludesecurity.com Prelude Research
CVE-2025-62467	Windows Projected File System Exploitation Less Likely	CWE-190: Integer Overflow or Wraparound CWE-126: Buffer Over-read	Windows Projected File System Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By ChenJian with Sea Security Orca Team
CVE-2025-62473	Windows Routing and Remote Access Service (RRAS) Exploitation Less Likely	CWE-126: Buffer Over-read	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2025-12-09	No	Reported By Anonymous
CVE-2025-62464	Windows Projected File System Exploitation Less Likely	CWE-126: Buffer Over-read	Windows Projected File System Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By ChenJian with Sea Security Orca Team
CVE-2025-62462	Windows Projected File System Exploitation Unlikely	CWE-126: Buffer Over-read	Windows Projected File System Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By ChenJian with Sea Security Orca Team
CVE-2025-62461	Windows Projected File System Exploitation Less Likely	CWE-126: Buffer Over-read	Windows Projected File System Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By ChenJian with Sea Security Orca Team
CVE-2025-55233	Windows Projected File System Exploitation Unlikely	CWE-125: Out-of-bounds Read	Windows Projected File System Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By ChenJian with Sea Security Orca Team
CVE-2025-62457	Windows Cloud Files Mini Filter Driver Exploitation Unlikely	CWE-125: Out-of-bounds Read	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By haowei yan(jingdong dawnslab)
CVE-2025-62572	Application Information Service Exploitation Less Likely	CWE-125: Out-of-bounds Read	Application Information Service Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Pwnforr777
CVE-2025-64678	Windows Routing and Remote Access Service (RRAS) Exploitation Less Likely	CWE-122: Heap-based Buffer Overflow	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Anonymous
CVE-2025-62456	Windows Resilient File System (ReFS) Exploitation Unlikely	CWE-122: Heap-based Buffer Overflow	Windows Resilient File System (ReFS) Remote Code Execution Vulnerability CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Thunder_J
CVE-2025-64680	Windows DWM Core Library Exploitation Less Likely	CWE-122: Heap-based Buffer Overflow	Windows DWM Core Library Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By namnp with Viettel Cyber Security
CVE-2025-64679	Windows DWM Core Library Exploitation Less Likely	CWE-122: Heap-based Buffer Overflow	Windows DWM Core Library Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By namnp with Viettel Cyber Security
CVE-2025-62470	Windows Common Log File System Driver Exploitation More Likely	CWE-122: Heap-based Buffer Overflow	Windows Common Log File System Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By haowei yan(jingdong dawnslab) 0rb1t with None
CVE-2025-62454	Windows Cloud Files Mini Filter Driver Exploitation More Likely	CWE-122: Heap-based Buffer Overflow	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By haowei yan(jingdong dawnslab)
CVE-2025-62458	Win32k Exploitation More Likely	CWE-122: Heap-based Buffer Overflow	Win32k Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-12-09	No	Reported By Marcin Wiazowski working with Trend Zero Day Initiative

Release 2025-12-05 Other / OOB Count 1

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2025-66476	Vim for Windows Uncontrolled Search Path Element No latest release note	CWE-427: Uncontrolled Search Path Element	Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2025-12-05	-	-

Release Month

November 2025

18 CVE | last update 1 day(s) ago

Release 2025-11-27 Other / OOB Count 2

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2018-19797	In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a No latest release note	CWE-476: NULL Pointer Dereference	In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file. No CVSS vector published	2025-11-27	-	-
CVE-2018-19827	In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a No latest release note	CWE-416: Use After Free	In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. No CVSS vector published	2025-11-27	-	-

Release 2025-11-21 Other / OOB Count 2

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2025-11230	HAProxy mjson library No latest release note	CWE-407: Inefficient Algorithmic Complexity	Denial of service vulnerability in HAProxy mjson library CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2025-11-21	-	-
CVE-2025-13193	Libvirt No latest release note	CWE-276: Incorrect Default Permissions	Libvirt: information disclosure via world-readable vm snapshots CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2025-11-21	-	-

Release 2025-11-20 Other / OOB Count 1

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2025-64655	Dynamics OmniChannel SDK Storage Containers Exploitation More Likely	CWE-285: Improper Authorization	Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-11-20	No	Reported By Vaisha Bernard with Eye Security

Release 2025-11-15 Other / OOB Count 1

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2025-12748	Libvirt No latest release note	CWE-770: Allocation of Resources Without Limits or Throttling	Libvirt: denial of service in xml parsing CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2025-11-15	-	-

Release 2025-11-11 Patch Tuesday Count 12

CVE	Module	CWE	Title Advisory text and compact technical context	Release	Exploited	Acknowledgement
CVE-2025-30398	Nuance PowerScribe 360 Exploitation Less Likely	CWE-862: Missing Authorization	Nuance PowerScribe 360 Information Disclosure Vulnerability CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C	2025-11-11	No	Reported By Brandon Kraycirik
CVE-2025-60713	Windows Routing and Remote Access Service (RRAS) Exploitation Unlikely	CWE-822: Untrusted Pointer Dereference	Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-11-11	No	Reported By Ezrak1e
CVE-2025-60703	Windows Remote Desktop Services Exploitation Unlikely	CWE-822: Untrusted Pointer Dereference	Windows Remote Desktop Services Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-11-11	No	Reported By Jongseong Kim (nevul37) with ENKI WhiteHat Dongjun Kim (smlijun) with ENKI WhiteHat
CVE-2025-60719	Windows Ancillary Function Driver for WinSock Exploitation More Likely	CWE-822: Untrusted Pointer Dereference	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-11-11	No	Reported By Angelboy (@scwuaptx) with DEVCORE
CVE-2025-60708	Storvsp.sys Driver Exploitation Less Likely	CWE-822: Untrusted Pointer Dereference	Storvsp.sys Driver Denial of Service Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C	2025-11-11	No	Reported By Valter Wik with Cparta Cyber Defense AB Valter Mann with Cparta Cyber Defense AB
CVE-2025-59511	Windows WLAN Service Exploitation Less Likely	CWE-73: External Control of File Name or Path	Windows WLAN Service Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-11-11	No	Reported By T0
CVE-2025-59510	Windows Routing and Remote Access Service (RRAS) Exploitation Less Likely	CWE-59: Improper Link Resolution Before File Access ('Link Following')	Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C	2025-11-11	No	Reported By Filip Dragović
CVE-2025-60710	Host Process for Windows Tasks Exploitation Less Likely	CWE-59: Improper Link Resolution Before File Access ('Link Following')	Host Process for Windows Tasks Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-11-11	No	Reported By Filip Dragović Joel Land of CISA Vulnerability Response and Coordination Aobo Wang @2st___ of Diffract Thanatos Tian of Diffract R4nger with Kunlun Lab Zhiniang Peng with HUST
CVE-2025-62209	Windows License Manager Exploitation Less Likely	CWE-532: Insertion of Sensitive Information into Log File	Windows License Manager Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2025-11-11	No	Reported By Aobo Wang
CVE-2025-62208	Windows License Manager Exploitation Less Likely	CWE-532: Insertion of Sensitive Information into Log File	Windows License Manager Information Disclosure Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C	2025-11-11	No	Reported By Aobo Wang Pwnforr777
CVE-2025-60718	Windows Administrator Protection Exploitation Less Likely	CWE-426: Untrusted Search Path	Windows Administrator Protection Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-11-11	No	Reported By James Forshaw with Google Project Zero
CVE-2025-60717	Windows Broadcast DVR User Service Exploitation Less Likely	CWE-416: Use After Free	Windows Broadcast DVR User Service Elevation of Privilege Vulnerability CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C	2025-11-11	No	Reported By Anonymous Hwiwon Lee (hwiwonl), SEC-agent team Jongseong Kim (nevul37), SEC-agent team