CVE-2025-29971

Published: May 13, 2025Modified: May 19, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: secure@microsoft.com (Secondary)

Description

Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.

Affected (6)

Products: Microsoft: Windows 11 22h2, Windows 11 23h2, Windows 11 24h2

3 products

Windows 11 22h2

Windows 11 23h2

Windows 11 24h2

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 11 22h2	Before 10.0.22621.5335
Microsoft Windows 11 22h2	Before 10.0.22621.5335
Microsoft Windows 11 23h2	Before 10.0.22631.5335
Microsoft Windows 11 23h2	Before 10.0.22631.5335
Microsoft Windows 11 24h2	Before 10.0.26100.4061
Microsoft Windows 11 24h2	Before 10.0.26100.4061

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29971

Source: secure@microsoft.com

Vendor Advisory

Timeline

No history available yet.