The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5032192. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402)

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397)

- Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability (CVE-2023-36028)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5032192

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.5

0.9021

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2023/11/14, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5032192

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22000.2538
Should be : 10.0.22000.2600

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5040431. It is, therefore, affected by multiple vulnerabilities

- RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen- prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-30013, CVE-2024-38104)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5040431

Critical

9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

8.6 (CVSS:3.0/E:H/RL:O/RC:C)

9.5

0.9286

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2024/07/09, Modified: 2025/10/06

The remote host is missing one of the following rollup KBs :
- 5040431

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22000.2538
Should be : 10.0.22000.3079

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5041592. It is, therefore, affected by multiple vulnerabilities

- An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS. This can allow an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS. (CVE-2024-21302)

- A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. (CVE-2022-2601)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5041592

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.6

0.9006

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2024/08/13, Modified: 2025/10/06

The remote host is missing one of the following rollup KBs :
- 5041592

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22000.2538
Should be : 10.0.22000.3147

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5043067. It is, therefore, affected by multiple vulnerabilities

- Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461)

- Microsoft Management Console Remote Code Execution Vulnerability (CVE-2024-38259)

- Windows Remote Access Connection Manager Elevation of Privilege Vulnerability (CVE-2024-38240)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5043067

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.1 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.1427

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Core Impact (true)

Published: 2024/09/10, Modified: 2025/10/22

The remote host is missing one of the following rollup KBs :
- 5043067

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22000.2538
Should be : 10.0.22000.3197

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 138.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-28 advisory.

- Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-4091)

- A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. (CVE-2025-4083)

- Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM- level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

- Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS.
Other versions of Firefox are unaffected. (CVE-2025-4082)

- An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. (CVE-2025-4085)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 138.0 or later.

Critical

9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

7.9 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0005

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/04/29, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 138.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 138.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-36 advisory.

- An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. (CVE-2025-4919)

- An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object.
(CVE-2025-4918)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 138.0.4 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.8 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0002

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.8 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2025/05/17, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 138.0.4

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 139.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-47 advisory.

- An integer overflow was present in <code>OrderedHashTable</code> used by the JavaScript engine (CVE-2025-49710)

- Certain canvas operations could have lead to memory corruption. (CVE-2025-49709)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 139.0.4 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0004

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/06/10, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 139.0.4

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-51 advisory.

- Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-6436)

- If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires a secure transport established without errors. (CVE-2025-6433)

- A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

- An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. (CVE-2025-6425)

- The executable file warning did not warn users before opening files with the <code>terminal</code>
extension. This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.
(CVE-2025-6426)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 140.0 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.8 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0004

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.8 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2025/06/24, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 140.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 141.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-56 advisory.

- Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-8044)

- On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack.
Baseline-JIT, however, read the entire 64 bits. (CVE-2025-8027)

- On arm64, a WASM <code>brtable</code> instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address.
(CVE-2025-8028)

- In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. (CVE-2025-8041)

- Firefox for Android allowed a sandboxed iframe without the <code>allow-downloads</code> attribute to start downloads. (CVE-2025-8042)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 141.0 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.8 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0005

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.8 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2025/07/22, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 141.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 142.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-64 advisory.

- Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-9187)

- An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process.
(CVE-2025-9179)

- Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-9180)

- Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181)

- Spoofing issue in the Address Bar component of Firefox Focus for Android. (CVE-2025-9186)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 142.0 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0002

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/08/19, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 142.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 144.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-81 advisory.

- Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.
(CVE-2025-11721)

- Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)

- A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. (CVE-2025-11709)

- A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. (CVE-2025-11710)

- There was a way to change the value of JavaScript Object properties that were supposed to be non- writeable. (CVE-2025-11711)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 144.0 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0002

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/10/14, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 144.0

A web browser installed on the remote Windows host is affected by a vulnerability.

The version of Firefox installed on the remote Windows host is prior to 144.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2025-86 advisory.

- Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. (CVE-2025-12380)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 144.0.2 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0002

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/10/28, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 144.0.2

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 145.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-87 advisory.

- Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-13027)

- Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. (CVE-2025-13023, CVE-2025-13026)

- Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. (CVE-2025-13021, CVE-2025-13022, CVE-2025-13025)

- Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. (CVE-2025-13012)

- Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. (CVE-2025-13016)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 145.0 or later.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.8 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0002

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.8 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2025/11/11, Modified: 2025/11/19

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 145.0

The remote host contains one or more unsupported applications from the Mozilla Foundation.

According to its version, there is at least one unsupported Mozilla application (Firefox, Thunderbird, and/or SeaMonkey) installed on the remote host. This version of the software is no longer actively maintained.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Upgrade to a version that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2009/07/24, Modified: 2024/12/30

Product : Mozilla Firefox
Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Latest version : 143.0.0
EOL URL : https://www.mozilla.org/en-US/firefox/releases/

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Denial of service vulnerability in Microsoft .NET Framework. (CVE-2023-36042, CVE-2024-21312)

- Security feature bypass in System.Data.SqlClient SQL data provider. An attacker can perform a man-in-the-middle attack on the connection between the client and server in order to read and modify the TLS traffic. (CVE-2024-0056)

- Security feature bypass in applications that use the X.509 chain building APIs. When processing an untrusted certificate with malformed signatures, the framework returns an incorrect reason code.
Applications which make use of this reason code may treat this scenario as a successful chain build, potentially bypassing the application's typical authentication logic. (CVE-2024-0057)

Microsoft has released security updates for Microsoft .NET Framework.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

9.0

0.0864

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2024/01/10, Modified: 2024/03/29

Microsoft .NET Framework 4.8.1
The remote host is missing one of the following rollup KBs :

Cumulative
- 5033919

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.8.9195.0
Should be : 4.8.9214.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5033912

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Security feature bypass in ASP.NET. An attacker can bypass the security checks that prevents an attacker from accessing internal applications in a website. (CVE-2023-36560)

- Privilege escalation vulnerability in FTP component of .NET Framework. An attacker can inject arbitrary commands to the FTP server. (CVE-2023-36049)

- Information disclosure vulnerability in .NET Framework. An attacker can obtain the ObjRef URI which could lead to remote code execution. (CVE-2024-29059

Microsoft has released security updates for Microsoft .NET Framework.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.1 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.9385

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2023/11/16, Modified: 2025/02/04

Microsoft .NET Framework 4.8.1
The remote host is missing one of the following rollup KBs :

Cumulative
- 5032006

C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.web.dll has not been patched.
Remote version : 2.0.50727.9174
Should be : 2.0.50727.9175

11_2023 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.8.9195.0
Should be : 4.8.9206.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5031991

C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.web.dll has not been patched.
Remote version : 2.0.50727.9174
Should be : 2.0.50727.9175

A compression utility installed on the remote Windows host is affected by multiple vulnerabilities.

The version of 7-Zip installed on the remote Windows host is below 23.00. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability exists in 7-zip due to an integer underflow. An unauthenticated, remote attacker can exploit this, by tricking a user into opening a specially crafted archive, to execute arbitrary code on the system. (CVE-2023-31102)

- A remote code execution vulnerability exists in 7-zip due to an out-of-bounds write. An unauthenticated, remote attacker can exploit this, by tricking a user into opening a specially crafted archive, to execute arbitrary code on the system. (CVE-2023-40481)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to 7-Zip version 23.00 or later.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.374

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2023/08/31, Modified: 2024/11/22

Path : C:\Program Files\7-Zip
Installed version : 21.7.0.0
Fixed version : 23.00

The 7-zip instance installed on the remote host is affected by a heap based buffer overflow vulnerability.

The version of 7-Zip installed on the remote Windows host is below 24.01. It is, therefore, affected by multiple vulnerabilities:

- The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size:
buffer+512*i-2, for i=9, i=10, i=11, etc. (CVE-2023-52168)

- The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process. (CVE-2023-52169)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to 7-zip version 24.01 or later.

High

8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

7.3 (CVSS:3.0/E:U/RL:O/RC:C)

5.9

0.0039

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

5.3 (CVSS2#E:U/RL:OF/RC:C)

Published: 2024/10/17, Modified: 2024/10/18

Path : C:\Program Files\7-Zip
Installed version : 21.7.0.0
Fixed version : 24.01

The remote host is missing a security update.

The version of 7-Zip installed on the remote host is prior to 24.07. It is, therefore, affected by a remote code execution vulnerability as referenced in the ZDI-24-1532 advisory.

- This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip.
Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. (CVE-2024-11477)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to 7-Zip version 24.07 or later.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.3951

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

5.3 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2024/11/22, Modified: 2025/01/24

Path : C:\Program Files\7-Zip
Installed version : 21.7.0.0
Fixed version : 24.07

The remote host is missing a security update.

The version of 7-Zip installed on the remote host is prior to 24.09. It is, therefore, affected by a vulnerability as referenced in the ZDI-25-045 advisory.

- The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to 7-Zip version 24.09 or later.

Medium

7.0 (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.5 (CVSS:3.0/E:F/RL:O/RC:C)

7.4

0.3263

6.2 (CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

5.1 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/01/23, Modified: 2025/08/12

Path : C:\Program Files\7-Zip
Installed version : 21.7.0.0
Fixed version : 24.09

The remote host is missing a security update.

The version of 7-Zip installed on the remote host is prior to 25.00. It is, therefore, affected by multiple vulnerabilities:

- 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. (CVE-2025-11001, CVE-2025-11002)

- An error in Z-zip's RAR5 handler's error correction for corrupted items can lead to a buffer overflow, resulting in memory corruption and denial of service.
(CVE-2025-53816)

- A Null pointer dereference in 7-Zip's implementation of the Compound handler can lead to denial of service at specific values. (CVE-2025-53817)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to 7-Zip version 25.00 or later.

Medium

7.0 (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

9.2

0.0031

6.2 (CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

I

Published: 2025/07/23, Modified: 2025/11/20

Path : C:\Program Files\7-Zip
Installed version : 21.7.0.0
Fixed version : 25.00

The remote Windows host has a program that is affected by a denial of service vulnerability.

The version of Curl installed on the remote host is affected by a denial of service vulnerability due to accepting and storing unlimited large headers.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade Curl to version 8.3.0 or later

High

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

6.7 (CVSS:3.0/E:P/RL:O/RC:C)

4.4

0.1447

7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

6.1 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2023/09/14, Modified: 2024/10/07

Path : c:\windows\system32\curl.exe
Installed version : 8.0.1.0
Fixed version : 8.3.0

Path : c:\windows\syswow64\curl.exe
Installed version : 8.0.1.0
Fixed version : 8.3.0

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5033369. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006)

- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36696)

- Win32k Elevation of Privilege Vulnerability (CVE-2023-35631, CVE-2023-36011)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5033369

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.3857

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Core Impact (true)

Published: 2023/12/12, Modified: 2025/10/31

The remote host is missing one of the following rollup KBs :
- 5033369

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22000.2538
Should be : 10.0.22000.2652

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5034121. It is, therefore, affected by multiple vulnerabilities

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654)

- BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666)

- Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5034121

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.9 (CVSS:3.0/E:P/RL:O/RC:C)

8.4

0.2808

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.8 (CVSS2#E:POC/RL:OF/RC:C)

I

Published: 2024/01/09, Modified: 2024/06/17

The remote host is missing one of the following rollup KBs :
- 5034121

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22000.2538
Should be : 10.0.22000.2713

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5034766. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361, CVE-2024-21365, CVE-2024-21366, CVE-2024-21367, CVE-2024-21368, CVE-2024-21369, CVE-2024-21370, CVE-2024-21375, CVE-2024-21391, CVE-2024-21420)

- Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-21338, CVE-2024-21371)

- Windows Kernel Information Disclosure Vulnerability (CVE-2024-21340)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5034766

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.5

0.9377

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2024/02/13, Modified: 2025/10/09

The remote host is missing one of the following rollup KBs :
- 5034766

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22000.2538
Should be : 10.0.22000.2777

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5035854. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166)

- Windows USB Hub Driver Remote Code Execution Vulnerability (CVE-2024-21429)

- Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability (CVE-2024-21430)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5035854

Critical

8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:H/RL:O/RC:C)

9.5

0.3458

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2024/03/12, Modified: 2025/10/22

The remote host is missing one of the following rollup KBs :
- 5035854

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22000.2538
Should be : 10.0.22000.2836

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5036894. It is, therefore, affected by multiple vulnerabilities

- SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988)

- Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168, CVE-2024-26171, CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-26250, CVE-2024-28896, CVE-2024-28897, CVE-2024-28898, CVE-2024-28903, CVE-2024-28919, CVE-2024-28920, CVE-2024-28921, CVE-2024-28922, CVE-2024-28923, CVE-2024-28924, CVE-2024-28925, CVE-2024-29061, CVE-2024-29062)

- Windows rndismp6.sys Remote Code Execution Vulnerability (CVE-2024-26252, CVE-2024-26253)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5036894

Critical

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.5 (CVSS:3.0/E:H/RL:O/RC:C)

9.6

0.8317

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2024/04/09, Modified: 2025/10/06

The remote host is missing one of the following rollup KBs :
- 5036894

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22000.2538
Should be : 10.0.22000.2899

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5037770. It is, therefore, affected by multiple vulnerabilities

- Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040)

- Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, CVE-2024-30025, CVE-2024-30037)

- Windows Mobile Broadband Driver Remote Code Execution Vulnerability (CVE-2024-29997, CVE-2024-29998, CVE-2024-29999, CVE-2024-30000, CVE-2024-30001, CVE-2024-30002, CVE-2024-30003, CVE-2024-30004, CVE-2024-30005, CVE-2024-30012, CVE-2024-30021)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5037770

Critical

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.5 (CVSS:3.0/E:H/RL:O/RC:C)

9.2

0.5191

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true) Metasploit (true)

Published: 2024/05/14, Modified: 2025/10/06

The remote host is missing one of the following rollup KBs :
- 5037770

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22000.2538
Should be : 10.0.22000.2960

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5039213. It is, therefore, affected by multiple vulnerabilities

- Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability (CVE-2024-30097)

- Windows Remote Access Connection Manager Information Disclosure Vulnerability (CVE-2024-30069)

- Windows Container Manager Service Elevation of Privilege Vulnerability (CVE-2024-30076)

- Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (CVE-2024-30080)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5039213

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.7

0.8897

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true) Metasploit (true)

Published: 2024/06/11, Modified: 2025/10/06

The remote host is missing one of the following rollup KBs :
- 5039213

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22000.2538
Should be : 10.0.22000.3019

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5044280. It is, therefore, affected by multiple vulnerabilities

- libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances. (CVE-2024-6197)

- Remote Desktop Client Remote Code Execution Vulnerability (CVE-2024-43599)

- An attacker could exploit a use after free vulnerability within the OS SAPI component to execute arbitrary code in the context of the compromised user to disclose sensitive information, compromise system integrity or impact the availability of the victim's system. (CVE-2024-43574)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5044280

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.6

0.5847

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2024/10/08, Modified: 2024/11/18

The remote host is missing one of the following rollup KBs :
- 5044280

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22000.2538
Should be : 10.0.22000.3260

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 139.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-42 advisory.

- Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10.
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-5268)

- A double-free could have occurred in `vpxcodecencinitmulti` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash.
(CVE-2025-5283)

- Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. (CVE-2025-5263)

- Due to insufficient escaping of the newline character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.
(CVE-2025-5264)

- Due to insufficient escaping of the ampersand character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.
(CVE-2025-5265)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 139.0 or later.

High

8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

7.1 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0009

9.4 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)

7.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/05/27, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 139.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 143.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-73 advisory.

- Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142.
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2025-10537)

- Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. (CVE-2025-10527)

- Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
(CVE-2025-10528)

- Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR <
140.3, Thunderbird < 143, and Thunderbird < 140.3. (CVE-2025-10529)

- Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 143 and Thunderbird < 143. (CVE-2025-10530)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 143.0 or later.

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0005

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/09/19, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 143.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 143.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-80 advisory.

- Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143.0.3. (CVE-2025-11152)

- JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 143.0.3.
(CVE-2025-11153)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 143.0.3 or later.

High

8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)

7.5 (CVSS:3.0/E:U/RL:O/RC:C)

5.5

0.0002

9.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:C/A:P)

6.7 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/09/30, Modified: 2025/11/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 143.0.3

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 146.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-92 advisory.

- Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. (CVE-2025-14328, CVE-2025-14329)

- Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146 and Firefox ESR < 140.6. (CVE-2025-14321)

- Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6. (CVE-2025-14322)

- Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6. (CVE-2025-14323)

- JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, and Firefox ESR < 140.6. (CVE-2025-14324)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 146.0 or later.

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

7.4

0.0004

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/12/09, Modified: 2025/12/12

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 146.0

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

The version of Firefox installed on the remote Windows host is prior to 146.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-98 advisory.

- Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
(CVE-2025-14861)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Mozilla Firefox version 146.0.1 or later.

High

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

7.4

0.0004

Published: 2025/12/18, Modified: 2025/12/18

Path : C:\Program Files\Mozilla Firefox
Installed version : 137.0.1
Fixed version : 146.0.1

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by remote code execution vulnerability.

Microsoft has released security updates for Microsoft .NET Framework.

Medium

7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

6.4 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.547

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2024/04/11, Modified: 2024/07/12

Microsoft .NET Framework 4.8.1
The remote host is missing one of the following rollup KBs :

Cumulative
- 5036619

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.runtime.serialization.dll has not been patched.
Remote version : 4.8.9037.0
Should be : 4.8.9236.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5036619

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by remote code execution vulnerability.

Microsoft has released security updates for Microsoft .NET Framework.

Medium

7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

6.4 (CVSS:3.0/E:U/RL:O/RC:C)

7.4

0.0035

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2024/07/12, Modified: 2024/10/11

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5039887

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple denial of service vulnerabilities, as follows:

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2024-43483, CVE-2024-43484)

Note that Nessus has relied upon on the application's self-reported version number.

Microsoft has released security updates for Microsoft .NET Framework.

High

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

6.5 (CVSS:3.0/E:U/RL:O/RC:C)

4.4

0.0338

7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

5.8 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2024/10/11, Modified: 2025/03/31

Microsoft .NET Framework 4.8.1
The remote host is missing one of the following rollup KBs :

Cumulative
- 5044030

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.8.9195.0
Should be : 4.8.9277.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5044030

The virtualization tool suite is installed on the remote Windows host is affected by an authentication bypass vulnerability.

The version of VMware Tools installed on the remote Windows host is 11.x or 12.x prior to 12.5.1. It is, therefore, affected by an authentication bypass vulnerability:

- VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM. (CVE-2025-22230)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to VMware Tools version 12.5.1 or later.

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.7

0.0003

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

I

Published: 2025/03/27, Modified: 2025/05/16

Path : C:\Program Files\VMware\VMware Tools\
Installed version : 12.3.5.46049
Fixed version : 12.5.1

The virtualization tool suite installed on the remote host is affected by multiple vulnerabilities.

The version of VMware Tools installed on the remote host is 11.x or 12.x prior to 12.5.4, or 13.x prior to 13.0.5.
It is, therefore, affected by multiple vulnerabilities as disclosed in the VMSA-2025-0015 advisory:

- VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. (CVE-2025-41244)

- VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX. (CVE-2025-41246)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to VMware Tools version 12.5.4, 13.0.5 or later.

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.2

0.0002

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.6 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/10/02, Modified: 2025/10/30

Path : C:\Program Files\VMware\VMware Tools\
Installed version : 12.3.5.46049
Fixed version : 12.5.4
CVE(s) : CVE-2025-41244 CVE-2025-41246

The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability.

The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host.

Add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck

Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck:

- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck

High

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.0

0.7941

7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

6.6 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2022/10/26, Modified: 2025/12/17

Nessus detected the following potentially insecure registry key configuration:
- Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
- Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.

A web browser installed on the remote Windows host is affected by a vulnerability.

The version of Firefox installed on the remote Windows host is prior to 137.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2025-25 advisory.

- A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. (CVE-2025-3608)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.