CVE-2025-47989 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Published on: 2025-10-15 07:00:00
Link: View Details
Affected software updated with new package information.
CVE-2025-58724 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Published on: 2025-10-15 07:00:00
Link: View Details
Affected software updated with new package information.
CVE-2025-0033 AMD CVE-2025-0033: RMP Corruption During SNP Initialization
Published on: 2025-10-15 07:00:00
Link: View Details
Corrected security updates table. This is an informational change only.
CVE-2025-47989 Azure Connected Machine Agent Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-48004 Microsoft Brokering File System Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
CVE-2025-50174 Windows Device Association Broker Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
CVE-2025-53782 Microsoft Exchange Server Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
CVE-2025-55247 .NET Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
CVE-2025-24990 Windows Agere Modem Driver Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.
**Fax modem hardware dependent on this specific driver will no longer work on Windows.**
Microsoft recommends removing any existing dependencies on this hardware.
CVE-2025-24052 Windows Agere Modem Driver Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.
**Fax modem hardware dependent on this specific driver will no longer work on Windows.**
Microsoft recommends removing any existing dependencies on this hardware.
CVE-2025-55320 Configuration Manager Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-55325 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-55333 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55335 Windows NTFS Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
CVE-2025-55336 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.
CVE-2025-55338 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55339 Windows Network Driver Interface Specification Driver Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally.
CVE-2025-55340 Windows Remote Desktop Protocol Security Feature Bypass
Published on: 2025-10-14 07:00:00
Link: View Details
Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.
CVE-2025-55676 Windows USB Video Class System Driver Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally.
CVE-2025-55677 Windows Device Association Broker Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
CVE-2025-55681 Desktop Windows Manager Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2025-55685 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55686 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55687 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-55689 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55700 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-55701 Windows Authentication Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally.
CVE-2025-58715 Windows Speech Runtime Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-58716 Windows Speech Runtime Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-58717 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-58719 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2025-58722 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2025-58728 Windows Bluetooth Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-58732 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58735 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-59185 NTLM Hash Disclosure Spoofing Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59186 Windows Kernel Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-59195 Microsoft Graphics Component Denial of Service Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally.
CVE-2025-59196 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59199 Software Protection Platform (SPP) Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.
CVE-2025-59200 Data Sharing Service Spoofing Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.
CVE-2025-59201 Network Connection Status Indicator (NCSI) Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.
CVE-2025-59202 Windows Remote Desktop Services Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.
CVE-2025-59204 Windows Management Services Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
CVE-2025-59206 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Information published.
CVE-2025-59207 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-59211 Windows Push Notification Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
CVE-2025-59231 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59233 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59234 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-59235 Microsoft Excel Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-59236 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59237 Microsoft SharePoint Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-59242 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-49708 Microsoft Graphics Component Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
CVE-2025-59243 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59249 Microsoft Exchange Server Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-59250 JDBC Driver for SQL Server Spoofing Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59254 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-59255 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-54957 MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder
Published on: 2025-10-14 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Windows Codecs Library allows an unauthorized attacker to execute code locally.
CVE-2025-59257 Windows Local Session Manager (LSM) Denial of Service Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CVE-2025-59258 Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.
CVE-2025-59259 Windows Local Session Manager (LSM) Denial of Service Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CVE-2025-59277 Windows Authentication Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2025-59280 Windows SMB Client Tampering Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.
CVE-2025-47979 Microsoft Failover Cluster Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.
CVE-2025-54132 GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool
Published on: 2025-10-14 07:00:00
Link: View Details
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server through an image fetch after successfully performing a prompt injection. A malicious model (or hallucination/backdoor) might also trigger this exploit at will. This issue requires prompt injection from malicious data (web, image upload, source code) to be exploited. In that case, it can send sensitive information to an attacker-controlled external server.
GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in Mermaid which address this vulnerability. Please see [Security Update Guide Supports CVEs Assigned by Industry Partners](https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/) for more information.
CVE-2025-59281 Xbox Gaming Services Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally.
CVE-2025-59282 Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-59284 Windows NTLM Spoofing Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
CVE-2025-59288 Playwright Spoofing Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network.
CVE-2025-59290 Windows Bluetooth Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59291 Confidential Azure Container Instances Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
CVE-2025-59292 Azure Compute Gallery Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
CVE-2025-59294 Windows Taskbar Live Preview Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.
CVE-2025-59295 Windows URL Parsing Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
CVE-2025-59494 Azure Monitor Agent Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2016-9535 MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
MITRE created this CVE on their behalf. The documented Windows updates incorporate updates in LibTIFF which address this vulnerability. Please see [Security Update Guide Supports CVEs Assigned by Industry Partners](https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/) for more information.
ADV990001 Latest Servicing Stack Updates
Published on: 2025-10-14 07:00:00
Link: View Details
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
CVE-2025-59502 Remote Procedure Call Denial of Service Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.
CVE-2025-48813 Virtual Secure Mode Spoofing Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.
CVE-2025-25004 PowerShell Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2025-53717 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-50152 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-53150 Windows Digital Media Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-50175 Windows Digital Media Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-53139 Windows Hello Security Feature Bypass Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-53768 Xbox IStorageService Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Xbox allows an authorized attacker to elevate privileges locally.
CVE-2025-55240 Visual Studio Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
CVE-2025-55326 Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.
CVE-2025-55328 Windows Hyper-V Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-55330 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55331 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55332 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55334 Windows Kernel Security Feature Bypass Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-55337 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55678 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2025-55679 Windows Kernel Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.
CVE-2025-55680 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-55682 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55683 Windows Kernel Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-55684 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55688 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55690 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55691 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55692 Windows Error Reporting Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
CVE-2025-55693 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
CVE-2025-55694 Windows Error Reporting Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
CVE-2025-55695 Windows WLAN AutoConfig Service Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally.
CVE-2025-55696 NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.
CVE-2025-55697 Azure Local Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally.
CVE-2025-55698 DirectX Graphics Kernel Denial of Service Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network.
CVE-2025-55699 Windows Kernel Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-58714 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-58718 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-58720 Windows Cryptographic Services Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVE-2025-58724 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-58725 Windows COM+ Event System Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.
CVE-2025-58726 Windows SMB Server Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-58727 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVE-2025-58729 Windows Local Session Manager (LSM) Denial of Service Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CVE-2025-58730 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58731 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58733 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58734 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58736 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58737 Remote Desktop Protocol Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.
CVE-2025-58738 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58739 Microsoft Windows File Explorer Spoofing Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59184 Storage Spaces Direct Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally.
CVE-2025-59187 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-59188 Microsoft Failover Cluster Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally.
CVE-2025-59189 Microsoft Brokering File System Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
CVE-2025-59190 Windows Search Service Denial of Service Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally.
CVE-2025-59191 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2025-59192 Storport.sys Driver Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-59193 Windows Management Services Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2025-59194 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-59197 Windows ETL Channel Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.
CVE-2025-59198 Windows Search Service Denial of Service Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
CVE-2025-59203 Windows State Repository API Server File Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.
CVE-2025-59205 Windows Graphics Component Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-59208 Windows MapUrlToZone Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.
CVE-2025-59209 Windows Push Notification Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
CVE-2025-59210 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Information published.
CVE-2025-59213 Configuration Manager Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.
CVE-2025-59221 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-59222 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-59224 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59225 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59226 Microsoft Office Visio Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
CVE-2025-59227 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-59229 Microsoft Office Denial of Service Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.
CVE-2025-59232 Microsoft Excel Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-59238 Microsoft PowerPoint Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-59241 Windows Health and Optimized Experiences Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59244 NTLM Hash Disclosure Spoofing Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59248 Microsoft Exchange Server Spoofing Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59230 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-59253 Windows Search Service Denial of Service Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
CVE-2025-59260 Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.
CVE-2025-59261 Windows Graphics Component Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-59275 Windows Authentication Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2025-59278 Windows Authentication Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2025-59285 Azure Monitor Agent Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVE-2025-59289 Windows Bluetooth Service Elevation of Privilege Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-47827 MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11
Published on: 2025-10-14 07:00:00
Link: View Details
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
MITRE created this CVE on their behalf. The documented Windows updates incorporate updates in IGEL OS which address this vulnerability. Please see [Security Update Guide Supports CVEs Assigned by Industry Partners](https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/) for more information.
CVE-2025-59497 Microsoft Defender for Linux Denial of Service Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.
CVE-2025-59214 Microsoft Windows File Explorer Spoofing Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-55315 ASP.NET Security Feature Bypass Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVE-2025-59223 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59228 Microsoft SharePoint Remote Code Execution Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-2884 Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
Published on: 2025-10-14 07:00:00
Link: View Details
[CVE-2025-2884](https://www.cve.org/CVERecord?id=CVE-2025-2884) is regarding a vulnerability in TCG TPM2.0 Reference implementation's CryptHmacSign helper function that is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm.
CERT/CC created this CVE on their behalf. The documented Windows updates incorporate updates in TCG TPM2.0 Reference implementation which address this vulnerability. Please see [CVE-2025-2884](https://www.cve.org/CVERecord?id=CVE-2025-2884) for more information.
CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability
Published on: 2025-10-14 07:00:00
Link: View Details
The following updates have been made to CVE-2024-30098:
1. In the Security Updates table, added all supported versions Windows 11 25H2 as they are affected by the vulnerability.
2. To enable the fix by default, Microsoft has released October 2025 security updates for all affected versions of Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2022 23H2 Edition, Windows 10, and Windows 11.
3. Updated the "Are there any further actions I need to take to be protected from this vulnerability?" FAQ to state that starting with the October 2025 security updates, the fix will be enabled by default (DisableCapiOverrideForRSA set to 1) and the KSP will be used for RSA based certificates in the Smart Card Certificate Propagation service. If you discover applications relying on the old behavior, the DisableCapiOverrideForRSA registry key can be set back to 0 to switch back to auditing mode. The DisableCapiOverrideForRSA registry key will be removed in April 2026. See the FAQ section of this CVE for more information.
CVE-2025-0033 AMD CVE-2025-0033: RMP Corruption During SNP Initialization
Published on: 2025-10-13 07:00:00
Link: View Details
Microsoft is aware of [AMD-SB-3020 | CVE-2025-0033](http://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3020.html) disclosed by AMD on October 13, 2025.
CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). It involves a race condition during Reverse Map Table (RMP) initialization that could allow a malicious or compromised hypervisor to modify RMP entries before they are locked, potentially impacting the integrity of SEV-SNP guest memory. This issue does not expose plaintext data or secrets and requires privileged control of the hypervisor to exploit.
Across Azure Confidential Computing products, multiple security guardrails are in place to prevent host compromise, combining isolation, integrity verification and continuous monitoring. All host operations follow audited and approved management pathways, with administrative access strictly controlled, limited and logged. Together, these protections reduce the risk of host compromise or unauthorized memory manipulation, helping ensure that confidential workloads and customer VMs maintain their confidentiality and integrity on Azure hosts.
CVE-2025-59220 Windows Bluetooth Service Elevation of Privilege Vulnerability
Published on: 2025-10-10 07:00:00
Link: View Details
Added acknowledgements. This is an informational change only.
Chromium: CVE-2025-11460 Use after free in Storage
Published on: 2025-10-09 16:08:32
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
Chromium: CVE-2025-11458 Heap buffer overflow in Sync
Published on: 2025-10-09 16:08:29
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
CVE-2025-59218 Azure Entra ID Elevation of Privilege Vulnerability
Published on: 2025-10-09 07:00:00
Link: View Details
Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-59246 Azure Entra ID Elevation of Privilege Vulnerability
Published on: 2025-10-09 07:00:00
Link: View Details
Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-59247 Azure PlayFab Elevation of Privilege Vulnerability
Published on: 2025-10-09 07:00:00
Link: View Details
Information published.
CVE-2025-55321 Azure Monitor Log Analytics Spoofing Vulnerability
Published on: 2025-10-09 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an authorized attacker to perform spoofing over a network.
CVE-2025-59252 M365 Copilot Spoofing Vulnerability
Published on: 2025-10-09 07:00:00
Link: View Details
Information published.
CVE-2025-59271 Redis Enterprise Elevation of Privilege Vulnerability
Published on: 2025-10-09 07:00:00
Link: View Details
Information published.
CVE-2025-59272 Copilot Spoofing Vulnerability
Published on: 2025-10-09 07:00:00
Link: View Details
Information published.
CVE-2025-59286 Copilot Spoofing Vulnerability
Published on: 2025-10-09 07:00:00
Link: View Details
Information published.
Chromium: CVE-2025-11211 Out of bounds read in WebCodecs
Published on: 2025-10-09 16:08:33
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
CVE-2023-36038 ASP.NET Core Denial of Service Vulnerability
Published on: 2025-10-08 07:00:00
Link: View Details
Corrected Article links in the Security Updates table. This is an informational change only.
CVE-2025-59489 MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability
Published on: 2025-10-07 07:00:00
Link: View Details
The following updates have been made to CVE-2025-59489: 1) In the Security Updates table, added Microsoft Mesh and Microsoft Mesh for Meta Quest as they affected by this vulnerability. 2) Further, to comprehensively address this vulnerability, Microsoft has released the 5.2514 build for these applications.
Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
CVE-2025-59489 MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability
Published on: 2025-10-03 07:00:00
Link: View Details
[Unity](https://unity.com) announced a security vulnerability (CVE-2025-59489) that is affecting games or applications built with the Unity Gaming Engine Editor (version 2017.1 or later).
You may be using a Microsoft app or playing a Microsoft game that should be uninstalled until an update is available. We are working to update games and applications that are potentially affected by this Unity vulnerability.
In most cases, you can stay safe by ensuring your games and applications are up to date and Microsoft Defender is running on your device.
If you have downloaded a vulnerable game or app (see list below) on one of the following platforms, you could be at risk:
* Android
* Windows
* Linux (Desktop)
* Linux (embedded)
* MacOS
We have confirmed the following are not impacted:
* Xbox consoles
* Xbox Cloud Gaming
* iOS
* HoloLens
**Recommended Next Steps:**
**For Developers**: Unity has made a fix available to developers. Organizations who believe that they have an app or game that might be impacted should reference Unity guidance and update their apps/games as soon as possible. You can learn more from Unity here.
**For Players and Customers**: Microsoft security and game development teams are working to update any game or application that is potentially affected by this Unity vulnerability.
If a Microsoft-owned game or application is not listed and you have installed all available updates, no further action is required. For customers who have automatic updates enabled, fixes will be deployed as they become available. If you have automatic updates turned off, please check to see if you have any updates available for your downloaded apps and games and install the latest update on your device.
Customers who have an impacted app or game installed (see below list) are encouraged to take these steps:
* Temporarily uninstall any impacted Microsoft apps or games until an update is available. For more guidance on how to uninstall, please see the FAQs below.
* Use an up-to-date version of Microsoft Defender to detect and block attempts to exploit this vulnerability.
* Follow guidance from Unity or your platform provider.
* Microsoft-owned games and apps affected by this vulnerability and their requisite updates are documented in the Security Updates Table.
**For Microsoft Mesh Apps Users**
In response to this CVE that is affecting applications built with the Unity Gaming Engine Editor (version 2017.1 or later), Microsoft has released a required security update for the Microsoft Mesh PC applications. We strongly encourage all users with the Microsoft Mesh apps installed on their devices to promptly update to the latest version of these apps, version 5.2513.3.0 or greater. If you have automatic updates enabled for these apps on all devices, no further action is required.
While we do not expect this to affect the functionality of any previously-scheduled events in Microsoft Mesh, use of the immersive spaces in Microsoft Teams meetings, or immersive events in Microsoft Teams, users will be required to update the Mesh PC apps before joining newly scheduled events in Mesh. We are informing you of this now so that you can mitigate any disruptions this may introduce to your events.
Chromium: CVE-2025-11215 Off by one error in V8
Published on: 2025-10-02 20:48:05
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-11216 Inappropriate implementation in Storage
Published on: 2025-10-02 20:48:06
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-11209 Inappropriate implementation in Omnibox
Published on: 2025-10-02 20:48:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-11205 Heap buffer overflow in WebGPU
Published on: 2025-10-02 20:47:54
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-11213 Inappropriate implementation in Omnibox
Published on: 2025-10-02 20:48:04
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-11210 Side-channel information leakage in Tab
Published on: 2025-10-02 20:48:01
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-11207 Side-channel information leakage in Storage
Published on: 2025-10-02 20:47:59
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-11208 Inappropriate implementation in Media
Published on: 2025-10-02 20:47:59
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-11206 Heap buffer overflow in Video
Published on: 2025-10-02 20:47:58
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-11219 Use after free in V8
Published on: 2025-10-02 20:48:07
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-11212 Inappropriate implementation in Media
Published on: 2025-10-02 20:48:03
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
CVE-2025-53132 Win32k Elevation of Privilege Vulnerability
Published on: 2025-09-30 07:00:00
Link: View Details
Updated information to include CVSS scores. This is an informational change only.
CVE-2025-55232 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Published on: 2025-09-25 07:00:00
Link: View Details
Added an acknowledgement. This is an informational change only.
Chromium: CVE-2025-10890 Side-channel information leakage in V8
Published on: 2025-09-25 07:00:34
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
CVE-2025-59251 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published on: 2025-09-25 07:00:00
Link: View Details
Information published.
Chromium: CVE-2025-10891 Integer overflow in V8
Published on: 2025-09-25 07:00:37
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
Chromium: CVE-2025-10892 Integer overflow in V8
Published on: 2025-09-25 07:00:38
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202 5) for more information.
CVE-2025-55322 OmniParser Remote Code Execution Vulnerability
Published on: 2025-09-24 07:00:00
Link: View Details
Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.
Chromium: CVE-2025-10501 Use after free in WebRTC
Published on: 2025-09-19 07:00:24
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
Chromium: CVE-2025-10585 Type Confusion in V8
Published on: 2025-09-19 07:00:19
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-10585 exists in the wild.
Chromium: CVE-2025-10502 Heap buffer overflow in ANGLE
Published on: 2025-09-19 07:00:24
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
Chromium: CVE-2025-10500 Use after free in Dawn
Published on: 2025-09-19 07:00:23
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
CVE-2025-59215 Windows Graphics Component Elevation of Privilege Vulnerability
Published on: 2025-09-18 07:00:00
Link: View Details
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-55241 Azure Entra Elevation of Privilege Vulnerability
Published on: 2025-09-18 07:00:00
Link: View Details
The CVSS score for this vulnerability has been updated to reflect a change in the **Attack Complexity** metric from **High** to **Low**.
CVE-2025-59216 Windows Graphics Component Elevation of Privilege Vulnerability
Published on: 2025-09-18 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-59220 Windows Bluetooth Service Elevation of Privilege Vulnerability
Published on: 2025-09-18 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-50154 Microsoft Windows File Explorer Spoofing Vulnerability
Published on: 2025-09-17 07:00:00
Link: View Details
Updated one or more CVSS scores for the affected products. This is an informational change only.
CVE-2025-54896 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-09-16 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2025-54898 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-09-16 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2025-54899 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-09-16 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2025-54902 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-09-16 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2025-54903 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-09-16 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2025-54904 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-09-16 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2025-54905 Microsoft Word Information Disclosure Vulnerability
Published on: 2025-09-16 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2025-54906 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-09-16 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2025-47967 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Published on: 2025-09-16 07:00:00
Link: View Details
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49728 Microsoft PC Manager Security Feature Bypass Vulnerability
Published on: 2025-09-16 07:00:00
Link: View Details
Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-54900 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-09-16 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2025-54901 Microsoft Excel Information Disclosure Vulnerability
Published on: 2025-09-16 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
CVE-2025-54910 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-09-16 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
