IsItPatchedInstant security status for any software version
← All products

Windows Server 2025

Microsoft · Operating System
0/100 Critical · exploited

Summary iPlain-English security verdict for Windows Server 2025, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Windows Server 2025 currently scores 0/100 — critical, with active exploitation. 37 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2024-43451. The latest supported release is 10.0.26100. Upgrade immediately and review your exposure to the actively-exploited CVEs below. Note: this product is assessed at the product level on recent (365-day) activity rather than an exact per-version match, so it is never marked a confident "healthy".

Disclosure trend iNew CVEs published for Windows Server 2025 each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19
'20
'21
'22
'23
'24
'25
'26

⚠ 3 of its known vulnerabilities are linked to ransomware campaigns (CISA KEV).

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2024-43451 MEDIUM ● exploited CWE-73 EPSS 90% → fixed in 10.0.26100.2314 CVE-2024-49138 HIGH ● exploited CWE-122 EPSS 87% → fixed in 10.0.26100.2605 CVE-2025-21333 HIGH ● exploited CWE-122 EPSS 79% → fixed in 10.0.26100.2894 CVE-2013-3900 MEDIUM ● exploited CWE-347 EPSS 76% → see advisory CVE-2025-59287 CRITICAL ● exploited Insecure deserialization EPSS 69% → fixed in 10.0.26100.6905 CVE-2024-49039 HIGH ● exploited ⚠ ransomware Improper authentication EPSS 65% → fixed in 10.0.26100.2314 CVE-2026-32202 MEDIUM ● exploited CWE-693 EPSS 53% → fixed in 10.0.26100.32690 CVE-2025-33053 HIGH ● exploited CWE-73 EPSS 50% → fixed in 10.0.26100.4270 CVE-2025-26633 HIGH ● exploited ⚠ ransomware CWE-707 EPSS 47% → fixed in 10.0.26100.3403 CVE-2025-33073 HIGH ● exploited Improper access control EPSS 44% → fixed in 10.0.26100.4270 CVE-2026-21513 HIGH ● exploited CWE-693 EPSS 28% → fixed in 10.0.26100.32313 CVE-2025-30397 HIGH ● exploited CWE-843 EPSS 21% → fixed in 10.0.26100.3981

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each Windows Server 2025 release line is supported — and when it sunsets.

2025 latest 10.0.26100 Supported until 2034-10-10
23h2-ac latest 10.0.25398 End of life ended 2025-10-24
2022 latest 10.0.20348 Supported until 2031-10-14
20h2-sac latest 10.0.19042 End of life ended 2022-08-09
2004-sac latest 10.0.19041 End of life ended 2021-12-14
1909-sac latest 10.0.18363 End of life ended 2021-05-11
1903-sac latest 10.0.18362 End of life ended 2020-12-08
1809-sac latest 10.0.17763 End of life ended 2020-11-10
2019 latest 10.0.17763 Supported until 2029-01-09
1803-sac latest 10.0.17134 End of life ended 2019-11-12
See all upcoming end-of-life dates →

ℹ product-level posture (last 365d); exact per-version verdict pending precise version mapping

Last checked: Wed, 10 Jun 2026 22:18:30 UTC