CVE-2025-64660 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Published on: 2025-11-25 08:00:00
The following revisions have been made: 1) In the Security Updates table, corrected the impact entries to Remote Code Execution. 2) The CVSS scores have been updated. These are informational changes only. Customers who have successfully installed the update do not need to take any further action.
CVE-2025-59252 M365 Copilot Spoofing Vulnerability
Published on: 2025-11-21 08:00:00
Updated information to include CVSS scores. This is an informational change only.
CVE-2025-59272 Copilot Spoofing Vulnerability
Published on: 2025-11-21 08:00:00
Updated information to include CVSS scores. This is an informational change only.
CVE-2025-59286 Copilot Spoofing Vulnerability
Published on: 2025-11-21 08:00:00
Updated information to include CVSS scores. This is an informational change only.
CVE-2025-49752 Azure Bastion Elevation of Privilege Vulnerability
Published on: 2025-11-21 08:00:00
Updated acknowledgment.
CVE-2025-54114 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Published on: 2025-11-21 08:00:00
Updated Security Impact values. This is an informational change only.
CVE-2025-64656 Application Gateway Elevation of Privilege Vulnerability
Published on: 2025-11-20 08:00:00
Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-64655 Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability
Published on: 2025-11-20 08:00:00
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-59245 Microsoft SharePoint Online Elevation of Privilege Vulnerability
Published on: 2025-11-20 08:00:00
Information published.
CVE-2025-49752 Azure Bastion Elevation of Privilege Vulnerability
Published on: 2025-11-20 08:00:00
Corrected security updates table. This is an informational change only.
CVE-2025-62207 Azure Monitor Elevation of Privilege Vulnerability
Published on: 2025-11-20 08:00:00
Information published.
CVE-2025-64660 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Published on: 2025-11-20 08:00:00
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network.
CVE-2025-62459 Microsoft Defender Portal Spoofing Vulnerability
Published on: 2025-11-20 08:00:00
Information published.
CVE-2025-64657 Azure Application Gateway Elevation of Privilege Vulnerability
Published on: 2025-11-20 08:00:00
Stack-based buffer overflow in Software for Open Networking in the Cloud (SONiC) allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-49752 Azure Bastion Elevation of Privilege Vulnerability
Published on: 2025-11-20 08:00:00
Information published.
CVE-2025-54099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2025-11-20 08:00:00
Acknowledgement added. This is an informational change only.
Chromium: CVE-2025-13224 Type Confusion in V8
Published on: 2025-11-18 16:57:58
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
Chromium: CVE-2025-13223 Type Confusion in V8
Published on: 2025-11-18 16:57:54
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information. Google is aware that an exploit for CVE-2025-13223 exists in the wild.
CVE-2025-62208 Windows License Manager Information Disclosure Vulnerability
Published on: 2025-11-18 08:00:00
Updated the build numbers. This is an informational update only.
CVE-2025-62209 Windows License Manager Information Disclosure Vulnerability
Published on: 2025-11-18 08:00:00
Updated the build numbers. This is an informational update only.
Chromium: CVE-2025-13042 Inappropriate implementation in V8
Published on: 2025-11-13 19:38:27
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
CVE-2025-59504 Azure Monitor Agent Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.
CVE-2025-59505 Windows Smart Card Reader Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.
CVE-2025-59506 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2025-59507 Windows Speech Runtime Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-59508 Windows Speech Recognition Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-59509 Windows Speech Recognition Information Disclosure Vulnerability
Published on: 2025-11-11 08:00:00
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
CVE-2025-59510 Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability
Published on: 2025-11-11 08:00:00
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.
CVE-2025-59511 Windows WLAN Service Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59512 Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
CVE-2025-59513 Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability
Published on: 2025-11-11 08:00:00
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.
CVE-2025-60703 Windows Remote Desktop Services Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2025-60704 Windows Kerberos Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-60705 Windows Client-Side Caching Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
CVE-2025-60706 Windows Hyper-V Information Disclosure Vulnerability
Published on: 2025-11-11 08:00:00
Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.
CVE-2025-60707 Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.
CVE-2025-60708 Storvsp.sys Driver Denial of Service Vulnerability
Published on: 2025-11-11 08:00:00
Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.
CVE-2025-60709 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
CVE-2025-60726 Microsoft Excel Information Disclosure Vulnerability
Published on: 2025-11-11 08:00:00
Affected software updated with new package information.
CVE-2025-60727 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Affected software updated with new package information.
CVE-2025-60728 Microsoft Excel Information Disclosure Vulnerability
Published on: 2025-11-11 08:00:00
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2025-62199 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62206 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Published on: 2025-11-11 08:00:00
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
CVE-2025-62210 Dynamics 365 Field Service (online) Spoofing Vulnerability
Published on: 2025-11-11 08:00:00
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
CVE-2025-62216 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-60719 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-60722 Microsoft OneDrive for Android Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.
CVE-2025-62217 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-62218 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
CVE-2025-62219 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.
CVE-2025-62220 Windows Subsystem for Linux GUI Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.
CVE-2025-62452 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2025-59240 Microsoft Excel Information Disclosure Vulnerability
Published on: 2025-11-11 08:00:00
Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-47179 Configuration Manager Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-59514 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59515 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.
CVE-2025-60713 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2025-60714 Windows OLE Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally.
CVE-2025-60715 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2025-60716 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2025-60717 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.
CVE-2025-60718 Windows Administrator Protection Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.
CVE-2025-60720 Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
CVE-2025-60723 DirectX Graphics Kernel Denial of Service Vulnerability
Published on: 2025-11-11 08:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network.
CVE-2025-60724 GDI+ Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2025-62200 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62201 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62202 Microsoft Excel Information Disclosure Vulnerability
Published on: 2025-11-11 08:00:00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-62203 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Affected software updated with new package information.
CVE-2025-62204 Microsoft SharePoint Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-62205 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-62208 Windows License Manager Information Disclosure Vulnerability
Published on: 2025-11-11 08:00:00
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
CVE-2025-62209 Windows License Manager Information Disclosure Vulnerability
Published on: 2025-11-11 08:00:00
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
CVE-2025-59499 Microsoft SQL Server Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-62211 Dynamics 365 Field Service (online) Spoofing Vulnerability
Published on: 2025-11-11 08:00:00
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
CVE-2025-62214 Visual Studio Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
CVE-2025-62215 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-62213 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-62222 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.
ADV990001 Latest Servicing Stack Updates
Published on: 2025-11-11 08:00:00
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
CVE-2025-62449 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
Published on: 2025-11-11 08:00:00
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.
CVE-2025-60721 Windows Administrator Protection Elevation of Privilege Vulnerability
Published on: 2025-11-11 08:00:00
Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.
CVE-2025-62453 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Published on: 2025-11-11 08:00:00
Improper validation of generative AI output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability
Published on: 2025-11-11 08:00:00
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.
CVE-2025-60726 Microsoft Excel Information Disclosure Vulnerability
Published on: 2025-11-11 08:00:00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-60727 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62203 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-11-11 08:00:00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Chromium: CVE-2025-12729 Inappropriate implementation in Omnibox
Published on: 2025-11-10 08:00:30
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12728 Inappropriate implementation in Omnibox
Published on: 2025-11-10 08:00:29
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12725 Out of bounds write in WebGPU
Published on: 2025-11-10 08:00:00
Added FAQ information. This is an informational change only.
Chromium: CVE-2025-12727 Inappropriate implementation in V8
Published on: 2025-11-10 08:00:00
Added FAQ information. This is an informational change only.
Chromium: CVE-2025-12725 Out of bounds write in WebGPU
Published on: 2025-11-06 19:20:24
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12727 Inappropriate implementation in V8
Published on: 2025-11-06 19:20:28
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12726 Inappropriate implementation in Views.
Published on: 2025-11-06 19:20:27
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12444 Incorrect security UI in Fullscreen UI
Published on: 2025-10-31 07:00:01
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12447 Incorrect security UI in Omnibox
Published on: 2025-10-31 07:00:03
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12446 Incorrect security UI in SplitView
Published on: 2025-10-31 07:00:02
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12445 Policy bypass in Extensions
Published on: 2025-10-31 07:00:01
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12433 Inappropriate implementation in V8
Published on: 2025-10-31 07:00:00
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12441 Out of bounds read in V8
Published on: 2025-10-31 07:00:59
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12440 Inappropriate implementation in Autofill
Published on: 2025-10-31 07:00:58
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12439 Inappropriate implementation in App-Bound Encryption
Published on: 2025-10-31 07:00:57
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12434 Race in Storage
Published on: 2025-10-31 07:00:52
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12435 Incorrect security UI in Omnibox
Published on: 2025-10-31 07:00:53
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12436 Policy bypass in Extensions
Published on: 2025-10-31 07:00:54
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12437 Use after free in PageInfo
Published on: 2025-10-31 07:00:55
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12438 Use after free in Ozone
Published on: 2025-10-31 07:00:56
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12433 Inappropriate implementation in V8
Published on: 2025-10-31 07:00:51
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12431 Inappropriate implementation in Extensions
Published on: 2025-10-31 07:00:49
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12430 Object lifecycle issue in Media
Published on: 2025-10-31 07:00:48
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12432 Race in V8
Published on: 2025-10-31 07:00:50
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12429 Inappropriate implementation in V8
Published on: 2025-10-31 07:00:47
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12428 Type Confusion in V8
Published on: 2025-10-31 07:00:43
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-12036 Inappropriate implementation in V8
Published on: 2025-10-31 07:00:51
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2025-60711 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published on: 2025-10-31 07:00:00
Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2025-53783 Microsoft Teams Remote Code Execution Vulnerability
Published on: 2025-10-30 07:00:00
Updated product information in the Software Update table. This is an informational change only.
Chromium: CVE-2023-4863 Heap buffer overflow in WebP
Published on: 2025-10-30 07:00:00
Updated product information in the Software Update table. This is an informational change only.
CVE-2025-40025 f2fs: fix to do sanity check on node footer for non inode dnode
Published on: 2025-10-29 01:02:43
Link: View Details
Information published.
CVE-2025-40051 vhost: vringh: Modify the return value check
Published on: 2025-10-29 01:02:54
Link: View Details
Information published.
CVE-2025-40077 f2fs: fix to avoid overflow while left shift operation
Published on: 2025-10-29 01:03:32
Link: View Details
Information published.
CVE-2025-40064 smc: Fix use-after-free in __pnet_find_base_ndev().
Published on: 2025-10-29 01:03:48
Link: View Details
Information published.
CVE-2025-40038 KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid
Published on: 2025-10-29 01:01:49
Link: View Details
Information published.
CVE-2025-40042 tracing: Fix race condition in kprobe initialization causing NULL pointer dereference
Published on: 2025-10-29 01:01:54
Link: View Details
Information published.
CVE-2025-40029 bus: fsl-mc: Check return value of platform_get_resource()
Published on: 2025-10-29 01:02:00
Link: View Details
Information published.
CVE-2025-40061 RDMA/rxe: Fix race in do_task() when draining
Published on: 2025-10-29 01:02:05
Link: View Details
Information published.
CVE-2025-40078 bpf: Explicitly check accesses to bpf_sock_addr
Published on: 2025-10-29 01:02:11
Link: View Details
Information published.
CVE-2025-40044 fs: udf: fix OOB read in lengthAllocDescs handling
Published on: 2025-10-29 01:02:16
Link: View Details
Information published.
CVE-2025-40052 smb: client: fix crypto buffers in non-linear memory
Published on: 2025-10-29 01:02:22
Link: View Details
Information published.
CVE-2025-40030 pinctrl: check the return value of pinmux_ops::get_function_name()
Published on: 2025-10-29 01:02:27
Link: View Details
Information published.
CVE-2025-40035 Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
Published on: 2025-10-29 01:02:33
Link: View Details
Information published.
CVE-2025-40053 net: dlink: handle copy_thresh allocation failure
Published on: 2025-10-29 01:02:38
Link: View Details
Information published.
CVE-2025-40055 ocfs2: fix double free in user_cluster_connect()
Published on: 2025-10-29 01:02:49
Link: View Details
Information published.
CVE-2025-40056 vhost: vringh: Fix copy_to_iter return value check
Published on: 2025-10-29 01:02:59
Link: View Details
Information published.
CVE-2025-40040 mm/ksm: fix flag-dropping behavior in ksm_madvise
Published on: 2025-10-29 01:03:05
Link: View Details
Information published.
CVE-2025-40026 KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O
Published on: 2025-10-29 01:03:10
Link: View Details
Information published.
CVE-2025-40060 coresight: trbe: Return NULL pointer for allocation failures
Published on: 2025-10-29 01:03:16
Link: View Details
Information published.
CVE-2025-40080 nbd: restrict sockets to TCP and UDP
Published on: 2025-10-29 01:03:21
Link: View Details
Information published.
CVE-2025-40032 PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release
Published on: 2025-10-29 01:03:26
Link: View Details
Information published.
CVE-2025-40033 remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable()
Published on: 2025-10-29 01:03:37
Link: View Details
Information published.
CVE-2025-40074 ipv4: start using dst_dev_rcu()
Published on: 2025-10-29 01:03:43
Link: View Details
Information published.
CVE-2025-40043 net: nfc: nci: Add parameter validation for packet data
Published on: 2025-10-29 01:03:54
Link: View Details
Information published.
CVE-2025-40039 ksmbd: Fix race condition in RPC handle list access
Published on: 2025-10-29 01:03:59
Link: View Details
Information published.
CVE-2025-40036 misc: fastrpc: fix possible map leak in fastrpc_put_args
Published on: 2025-10-29 01:04:04
Link: View Details
Information published.
CVE-2025-40048 uio_hv_generic: Let userspace take care of interrupt mask
Published on: 2025-10-29 01:04:10
Link: View Details
Information published.
CVE-2025-40081 perf: arm_spe: Prevent overflow in PERF_IDX2OFF()
Published on: 2025-10-29 01:04:15
Link: View Details
Information published.
CVE-2025-40049 Squashfs: fix uninit-value in squashfs_get_parent
Published on: 2025-10-29 01:04:20
Link: View Details
Information published.
CVE-2025-11840 GNU Binutils ldmisc.c vfinfo out-of-bounds
Published on: 2025-10-29 01:04:28
Link: View Details
Information published.
CVE-2025-40027 net/9p: fix double req put in p9_fd_cancelled
Published on: 2025-10-29 01:04:34
Link: View Details
Information published.
CVE-2025-40065 RISC-V: KVM: Write hgatp register with valid mode bits
Published on: 2025-10-29 01:04:39
Link: View Details
Information published.
CVE-2025-40075 tcp_metrics: use dst_dev_net_rcu()
Published on: 2025-10-29 01:04:44
Link: View Details
Information published.
CVE-2025-40057 ptp: Add a upper bound on max_vclocks
Published on: 2025-10-29 01:04:50
Link: View Details
Information published.
CVE-2025-40068 fs: ntfs3: Fix integer overflow in run_unpack()
Published on: 2025-10-29 01:04:55
Link: View Details
Information published.
CVE-2025-40079 riscv, bpf: Sign extend struct ops return values properly
Published on: 2025-10-29 01:05:01
Link: View Details
Information published.
CVE-2025-40071 tty: n_gsm: Don't block input queue by waiting MSC
Published on: 2025-10-29 01:05:06
Link: View Details
Information published.
CVE-2025-59503 Azure Compute Resource Provider Elevation of Privilege Vulnerability
Published on: 2025-10-28 07:00:00
Link: View Details
Updated one or more CVSS scores for the affected products. This is an informational change only.
