CVE-2025-29974
5/13/2025 5:15:58 PM
19 روز قبل
13 روز قبل
2
Reporter :secure@microsoft.com
Modified :5/13/2025 5:15:58 PM
Problem Data :CWE-125,CWE-191
Description
Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.
Cvss Version 3.1
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
| Attack Vector | Adjacent Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | None |
| Availability Impact | None |
EPSS
| Epss Score | 0.00068 |
|---|---|
| Epss Percentile | 0.2137 |
ریسک پائین:: این آسیب پذیری احتمال ارائه Exploit پائینی دارد. به روز رسانی و نظارت معمولی را لحاظ نمائید.
پیشنهادات:
- به بروزرسانی مداوم سیستم و یا شبکه خود ادامه دهید.
- از بروزرسانی های آتی این آسیب پذیری مطلع شوید.
Affected Products (Configurations)
| CPE | Vendor | Product | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* | microsoft | windows_11_24h2 | * | * |
| cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* | microsoft | windows_10_1809 | * | * |
| cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* | microsoft | windows_server_2008 | r2 | sp1 |
| cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* | microsoft | windows_server_2016 | * | * |
| cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:* | microsoft | windows_11_22h2 | * | * |
| cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* | microsoft | windows_11_23h2 | * | * |
| cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* | microsoft | windows_10_21h2 | * | * |
| cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* | microsoft | windows_10_1607 | * | * |
| cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* | microsoft | windows_10_21h2 | * | * |
| cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* | microsoft | windows_11_24h2 | * | * |
| cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* | microsoft | windows_10_1607 | * | * |
| cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* | microsoft | windows_server_2008 | - | sp2 |
| cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* | microsoft | windows_server_2022_23h2 | * | * |
| cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* | microsoft | windows_10_21h2 | * | * |
| cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:* | microsoft | windows_11_22h2 | * | * |
| cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* | microsoft | windows_11_23h2 | * | * |
| cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* | microsoft | windows_server_2012 | r2 | * |
| cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* | microsoft | windows_10_1809 | * | * |
| cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* | microsoft | windows_10_1507 | * | * |
| cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* | microsoft | windows_server_2019 | * | * |
| cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* | microsoft | windows_server_2025 | * | * |
| cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* | microsoft | windows_10_22h2 | * | * |
| cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* | microsoft | windows_10_22h2 | * | * |
| cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* | microsoft | windows_10_1507 | * | * |
| cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* | microsoft | windows_10_22h2 | * | * |
| cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* | microsoft | windows_server_2022 | * | * |
| cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* | microsoft | windows_server_2012 | - | * |
Reference
| لینک | منبع | تگ ها |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29974 | Vendor Advisory |