Microsoft CVEs

CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
Published on: 2025-05-22 07:00:00
Link: View Details
To comprehensively address CVE-2025-26646, Microsoft has released security updates on May 22, 2025 for Visual Studio 2022 version 17.10. In addition, updates .NET 8.0.313 and .NET 8.0.410 have been released for .NET SDKs 8.0.3xx and 8.0.4xx, respectively. For more information about the .NET updates, see [KB5059200](https://support.microsoft.com/en-us/topic/-net-8-0-update-may-22-2025-kb5059200-8ace2b08-2644-454e-a43f-157c60835e49). Microsoft recommends customers install these updates to be fully protected from the vulnerability.

CVE-2025-47181 Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
Published on: 2025-05-22 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Published on: 2025-05-21 07:00:00
Link: View Details
Updated the build numbers. This is an informational update only.

CVE-2025-32709 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2025-05-15 07:00:00
Link: View Details
In the Security Updates table, added all supported editions of Windows Server 2008 and Windows Server 2008 R2 as they are affected by this vulnerability. Customers running these versions of Windows Server please note that to be protected from this vulnerability you need to install the out-of-band updates as follows:
* Windows Server 2008 R2: KB5061195 (Security-only update)
* Windows Server 2008 R2: KB5061196 (Monthly Rollup)
* Windows Server 2008: KB5061197 (Security-only update)
* Windows Server 2008: KB5061198 (Monthly Rollup)
Please see the Security Updates table and FAQs section for more information.

CVE-2025-47161 Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
Published on: 2025-05-15 07:00:00
Link: View Details
Information published.

Chromium: CVE-2025-4609 Incorrect handle provided in unspecified circumstances in Mojo
Published on: 2025-05-15 17:20:53
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2025-4664 Insufficient policy enforcement in Loader
Published on: 2025-05-15 17:20:49
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information. Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild.

CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

CVE-2025-26684 Microsoft Defender Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

CVE-2025-29959 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-29960 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-29964 Windows Media Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.

CVE-2025-29967 Remote Desktop Client Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

CVE-2025-29968 Active Directory Certificate Services (AD CS) Denial of Service Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.

CVE-2025-29969 MS-EVEN RPC Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Time-of-check time-of-use (TOCTOU) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

CVE-2025-29970 Microsoft Brokering File System Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.

CVE-2025-29973 Microsoft Azure File Sync Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.

CVE-2025-29975 Microsoft PC Manager Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

CVE-2025-29976 Microsoft SharePoint Server Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-29978 Microsoft PowerPoint Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-30378 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-30384 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-30387 Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-27468 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.

CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-29826 Microsoft Dataverse Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

CVE-2025-30394 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.

CVE-2025-30400 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

CVE-2025-32701 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-32703 Visual Studio Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.

CVE-2025-32706 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVE-2025-32709 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

ADV990001 Latest Servicing Stack Updates
Published on: 2025-05-13 07:00:00
Link: View Details
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.

CVE-2025-26677 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.

CVE-2025-27488 Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.

CVE-2025-26685 Microsoft Defender for Identity Spoofing Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.

CVE-2025-29829 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

CVE-2025-29830 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-29831 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

CVE-2025-29832 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-29833 Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Time-of-check time-of-use (TOCTOU) race condition in Windows Virtual Machine Bus allows an authorized attacker to execute code over a network.

CVE-2025-29835 Windows Remote Access Connection Manager Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-29836 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-29837 Windows Installer Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.

CVE-2025-29838 Windows ExecutionContext Driver Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.

CVE-2025-29839 Windows Multiple UNC Provider Driver Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.

CVE-2025-29840 Windows Media Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

CVE-2025-29841 Universal Print Management Service Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

CVE-2025-29842 UrlMon Security Feature Bypass Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.

CVE-2025-29954 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

CVE-2025-29955 Windows Hyper-V Denial of Service Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally.

CVE-2025-29956 Windows SMB Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.

CVE-2025-29957 Windows Deployment Services Denial of Service Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.

CVE-2025-29958 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-29961 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-29962 Windows Media Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

CVE-2025-29963 Windows Media Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

CVE-2025-29974 Windows Kernel Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.

CVE-2025-30385 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

CVE-2025-32702 Visual Studio Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.

CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-32705 Microsoft Outlook Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

CVE-2025-32707 NTFS Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

CVE-2025-24063 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2025-29979 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-26673 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2025-29823 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Updated acknowledgment. This is an informational change only.

CVE-2017-0045 Windows DVD Maker XML External Entity Information Disclosure Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
Corrected CVE title. This is an informational change only.

CVE-2025-26629 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
To comprehensively address CVE-2025-26629, Microsoft has released May 2025 security updates for all affected versions of Microsoft Office. Customers running any of these versions should ensure that they have the latest build installed. For more information and to verify the build version, see https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.

CVE-2024-49128 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published on: 2025-05-13 07:00:00
Link: View Details
To comprehensively address CVE-2024-49128, Microsoft has released May 2025 security updates for all affected versions of Windows Server. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

CVE-2025-33072 Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability
Published on: 2025-05-08 07:00:00
Link: View Details
Improper access control in Azure allows an unauthorized attacker to disclose information over a network.

CVE-2025-29972 Azure Storage Resource Provider Spoofing Vulnerability
Published on: 2025-05-08 07:00:00
Link: View Details
Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.

CVE-2025-29827 Azure Automation Elevation of Privilege Vulnerability
Published on: 2025-05-08 07:00:00
Link: View Details
Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

CVE-2025-29813 Azure DevOps Elevation of Privilege Vulnerability
Published on: 2025-05-08 07:00:00
Link: View Details
An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one. The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens.

CVE-2025-47733 Microsoft Power Apps Information Disclosure Vulnerability
Published on: 2025-05-08 07:00:00
Link: View Details
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network.

CVE-2025-47732 Microsoft Dataverse Remote Code Execution Vulnerability
Published on: 2025-05-08 07:00:00
Link: View Details
Information published.

Chromium: CVE-2025-4372 Use after free in WebAudio
Published on: 2025-05-08 23:20:05
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

CVE-2025-30391 Microsoft Dynamics Information Disclosure Vulnerability
Published on: 2025-04-30 07:00:00
Link: View Details
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.

CVE-2025-30389 Azure Bot Framework SDK Elevation of Privilege Vulnerability
Published on: 2025-04-30 07:00:00
Link: View Details
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-33074 Azure Functions Remote Code Execution Vulnerability
Published on: 2025-04-30 07:00:00
Link: View Details
Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.

CVE-2025-30390 Azure ML Compute Elevation of Privilege Vulnerability
Published on: 2025-04-30 07:00:00
Link: View Details
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.

CVE-2025-30392 Azure AI bot Elevation of Privilege Vulnerability
Published on: 2025-04-30 07:00:00
Link: View Details
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-21416 Azure Virtual Desktop Elevation of Privilege Vulnerability
Published on: 2025-04-30 07:00:00
Link: View Details
Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.

CVE-2025-21199 Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability
Published on: 2025-04-25 07:00:00
Link: View Details
Updated acknowledgment. This is an informational change only.

CVE-2025-24054 NTLM Hash Disclosure Spoofing Vulnerability
Published on: 2025-04-25 07:00:00
Link: View Details
Added an acknowledgement. This is an informational change only.