April 2025 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2025-Apr 2025-Apr Final 1.0 544 2026-05-17T14:48:50 April 2025 Security Updates 2025-04-08T07:00:00 2026-05-17T14:48:50 <h2 id="this-release-consists-of-the-following-134-microsoft-cves">This release consists of the following 134 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Windows Standards-Based Storage Management Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21174">CVE-2025-21174</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Local Security Authority (LSA)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21191">CVE-2025-21191</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21197">CVE-2025-21197</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21203">CVE-2025-21203</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Update Stack</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21204">CVE-2025-21204</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21205">CVE-2025-21205</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21221">CVE-2025-21221</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21222">CVE-2025-21222</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Virtual Desktop</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21416">CVE-2025-21416</a></td> <td>8.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24058">CVE-2025-24058</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24060">CVE-2025-24060</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24062">CVE-2025-24062</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24073">CVE-2025-24073</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24074">CVE-2025-24074</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-25000">CVE-2025-25000</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-25001">CVE-2025-25001</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Local Cluster</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-25002">CVE-2025-25002</a></td> <td>6.8</td> <td>CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Local Cluster</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26628">CVE-2025-26628</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hello</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26635">CVE-2025-26635</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26637">CVE-2025-26637</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows USB Print Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26639">CVE-2025-26639</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26640">CVE-2025-26640</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cryptographic Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26641">CVE-2025-26641</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26642">CVE-2025-26642</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hello</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26644">CVE-2025-26644</a></td> <td>5.1</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kerberos</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26647">CVE-2025-26647</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26648">CVE-2025-26648</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Channel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26649">CVE-2025-26649</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Local Session Manager (LSM)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26651">CVE-2025-26651</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Standards-Based Storage Management Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26652">CVE-2025-26652</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows LDAP - Lightweight Directory Access Protocol</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26663">CVE-2025-26663</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26664">CVE-2025-26664</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows upnphost.dll</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26665">CVE-2025-26665</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26666">CVE-2025-26666</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26667">CVE-2025-26667</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26668">CVE-2025-26668</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26669">CVE-2025-26669</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows LDAP - Lightweight Directory Access Protocol</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26670">CVE-2025-26670</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26671">CVE-2025-26671</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26672">CVE-2025-26672</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows LDAP - Lightweight Directory Access Protocol</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26673">CVE-2025-26673</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26674">CVE-2025-26674</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Subsystem for Linux</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26675">CVE-2025-26675</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26676">CVE-2025-26676</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Defender Application Control (WDAC)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26678">CVE-2025-26678</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>RPC Endpoint Mapper Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26679">CVE-2025-26679</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Standards-Based Storage Management Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26680">CVE-2025-26680</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26681">CVE-2025-26681</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>ASP.NET Core</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26682">CVE-2025-26682</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TCP/IP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26686">CVE-2025-26686</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26687">CVE-2025-26687</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Virtual Hard Drive</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26688">CVE-2025-26688</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27467">CVE-2025-27467</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows LDAP - Lightweight Directory Access Protocol</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27469">CVE-2025-27469</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Standards-Based Storage Management Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27470">CVE-2025-27470</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Streaming Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27471">CVE-2025-27471</a></td> <td>5.9</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Mark of the Web (MOTW)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27472">CVE-2025-27472</a></td> <td>5.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows HTTP.sys</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27473">CVE-2025-27473</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27474">CVE-2025-27474</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Update Stack</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27475">CVE-2025-27475</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27476">CVE-2025-27476</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27477">CVE-2025-27477</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Local Security Authority (LSA)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27478">CVE-2025-27478</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kerberos</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27479">CVE-2025-27479</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Gateway Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27480">CVE-2025-27480</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Telephony Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27481">CVE-2025-27481</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Gateway Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27482">CVE-2025-27482</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27483">CVE-2025-27483</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Universal Plug and Play (UPnP) Device Host</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27484">CVE-2025-27484</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Standards-Based Storage Management Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27485">CVE-2025-27485</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Standards-Based Storage Management Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27486">CVE-2025-27486</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Client</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27487">CVE-2025-27487</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Local</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27489">CVE-2025-27489</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Bluetooth Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27490">CVE-2025-27490</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27491">CVE-2025-27491</a></td> <td>7.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Channel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27492">CVE-2025-27492</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Installer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27727">CVE-2025-27727</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel-Mode Drivers</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27728">CVE-2025-27728</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Shell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27729">CVE-2025-27729</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Digital Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27730">CVE-2025-27730</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>OpenSSH for Windows</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27731">CVE-2025-27731</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27732">CVE-2025-27732</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27733">CVE-2025-27733</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Virtualization-Based Security (VBS) Enclave</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27735">CVE-2025-27735</a></td> <td>6.0</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Power Dependency Coordinator</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27736">CVE-2025-27736</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Security Zone Mapping</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27737">CVE-2025-27737</a></td> <td>8.6</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Resilient File System (ReFS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27738">CVE-2025-27738</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27739">CVE-2025-27739</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Active Directory Certificate Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27740">CVE-2025-27740</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27741">CVE-2025-27741</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27742">CVE-2025-27742</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>System Center</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27743">CVE-2025-27743</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27744">CVE-2025-27744</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27745">CVE-2025-27745</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27746">CVE-2025-27746</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27747">CVE-2025-27747</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27748">CVE-2025-27748</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27749">CVE-2025-27749</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27750">CVE-2025-27750</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27751">CVE-2025-27751</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27752">CVE-2025-27752</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29791">CVE-2025-29791</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29792">CVE-2025-29792</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29793">CVE-2025-29793</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29794">CVE-2025-29794</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge for iOS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29796">CVE-2025-29796</a></td> <td>4.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft AutoUpdate (MAU)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29800">CVE-2025-29800</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft AutoUpdate (MAU)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29801">CVE-2025-29801</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29802">CVE-2025-29802</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio Tools for Applications and SQL Server Management Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29803">CVE-2025-29803</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29804">CVE-2025-29804</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Outlook for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29805">CVE-2025-29805</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cryptographic Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29808">CVE-2025-29808</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kerberos</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29809">CVE-2025-29809</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Active Directory Domain Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29810">CVE-2025-29810</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Mobile Broadband</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29811">CVE-2025-29811</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel Memory</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29812">CVE-2025-29812</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29815">CVE-2025-29815</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29816">CVE-2025-29816</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Power Automate</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29817">CVE-2025-29817</a></td> <td>5.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Portal Windows Admin Center</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29819">CVE-2025-29819</a></td> <td>6.2</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29820">CVE-2025-29820</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Dynamics Business Central</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29821">CVE-2025-29821</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office OneNote</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29822">CVE-2025-29822</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29823">CVE-2025-29823</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Common Log File System Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29824">CVE-2025-29824</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29834">CVE-2025-29834</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Bot Framework SDK</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30389">CVE-2025-30389</a></td> <td>8.7</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30390">CVE-2025-30390</a></td> <td>9.9</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30391">CVE-2025-30391</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Bot Framework SDK</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30392">CVE-2025-30392</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Visual Studio Code</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32726">CVE-2025-32726</a></td> <td>6.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Azure Functions</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33074">CVE-2025-33074</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-11-non-microsoft-cves">We are republishing 11 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-3066">CVE-2025-3066</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-3067">CVE-2025-3067</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-3068">CVE-2025-3068</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-3069">CVE-2025-3069</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-3070">CVE-2025-3070</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-3071">CVE-2025-3071</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-3072">CVE-2025-3072</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-3073">CVE-2025-3073</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-3074">CVE-2025-3074</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-3619">CVE-2025-3619</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-3620">CVE-2025-3620</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>November 12, 2024</td> <td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td> </tr> <tr> <td>June 27, 2024</td> <td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td> </tr> <tr> <td>April 9, 2024</td> <td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td> </tr> <tr> <td>January 6, 2023</td> <td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5002692">5002692</a></td> <td>SharePoint Enterprise Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5002700">5002700</a></td> <td>Microsoft Office 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5055518">5055518</a></td> <td>Windows 10, version 21H2, Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5055519">5055519</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5055521">5055521</a></td> <td>Windows 10, version 1607, Windows Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5055523">5055523</a></td> <td>Windows 11, version 24H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5055526">5055526</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5055527">5055527</a></td> <td>Windows Server 2022, 23H2 Edition (Server Core installation)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5055528">5055528</a></td> <td>Windows 11, version 22H2, Windows 11, version 23H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5055596">5055596</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5055609">5055609</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows Server 2025 (Server Core installation) Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2025 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows App Client for Windows Desktop Remote Desktop client for Windows Desktop Windows Admin Center Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Office for Android Microsoft Office for Universal Microsoft Office 2016 (64-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Microsoft Office LTSC for Mac 2024 Microsoft Office 2016 (32-bit edition) Office Online Server SharePoint Server Subscription Edition Language Pack Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft SharePoint Server Subscription Edition Microsoft OneNote for Mac Microsoft OneNote 2016 (32-bit edition) Microsoft OneNote 2016 (64-bit edition) Microsoft Access 2016 (32-bit edition) Microsoft Access 2016 (64-bit edition) Microsoft AutoUpdate for Mac System Center Virtual Machine Manager 2022 System Center Virtual Machine Manager 2019 System Center Virtual Machine Manager 2025 System Center Data Protection Manager 2025 System Center Data Protection Manager 2022 System Center Data Protection Manager 2019 System Center Orchestrator 2019 System Center Orchestrator 2022 System Center Orchestrator 2025 System Center Service Manager 2019 System Center Service Manager 2022 System Center Service Manager 2025 System Center Operations Manager 2019 System Center Operations Manager 2022 System Center Operations Manager 2025 Microsoft Edge for iOS Microsoft Edge (Chromium-based) Microsoft Dynamics 365 Business Central Wave 1 2024 – Update 24.12 Microsoft Dynamics 365 Business Central 2023 Wave 2 – Update 23.18 Microsoft Dynamics 365 Business Central 2024 Wave 2 – Update 25.6 Microsoft Dynamics 365 Business Central 2025 Wave 1 – Update 26.0 Power Automate for Desktop Dynamics 365 Customer Service Azure Local Cluster Azure Stack HCI OS 22H2 Azure Stack HCI OS 23H2 Windows Admin Center in Azure Portal Azure AI Bot Service Azure Functions Azure Machine Learning Azure Virtual Desktop Visual Studio Tools for Applications (VSTA) 2019 Visual Studio Tools for Applications (VSTA) 2022 VSTA 2022 SDK VSTA 2019 SDK Microsoft Visual Studio 2022 version 17.8 Microsoft Visual Studio 2022 version 17.10 Microsoft Visual Studio 2022 version 17.12 Microsoft Visual Studio 2022 version 17.13 Visual Studio Code ASP.NET Core 8.0 ASP.NET Core 9.0 SQL Server Management Studio 20.2 Microsoft Outlook for Android azl3 crash 8.0.4-3 on Azure Linux 3.0 cbl2 golang 1.22.7-3 on CBL Mariner 2.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 telegraf 1.29.4-15 on CBL Mariner 2.0 azl3 telegraf 1.31.0-9 on Azure Linux 3.0 azl3 telegraf 1.31.0-10 on Azure Linux 3.0 azl3 xz 5.4.4-2 on Azure Linux 3.0 azl3 giflib 5.2.1-10 on Azure Linux 3.0 cbl2 giflib 5.2.1-9 on CBL Mariner 2.0 azl3 giflib 5.2.1-9 on Azure Linux 3.0 azl3 haproxy 2.9.11-3 on Azure Linux 3.0 azl3 libsoup 3.4.4-6 on Azure Linux 3.0 cbl2 libsoup 3.0.4-3 on CBL Mariner 2.0 azl3 libsoup 3.4.4-3 on Azure Linux 3.0 azl3 libsoup 3.4.4-4 on Azure Linux 3.0 azl3 kernel 6.6.78.1-3 on Azure Linux 3.0 azl3 valkey 8.0.3-1 on Azure Linux 3.0 azl3 valkey 8.0.2-1 on Azure Linux 3.0 azl3 fluent-bit 3.1.9-4 on Azure Linux 3.0 azl3 erlang 26.2.5.9-1 on Azure Linux 3.0 cbl2 erlang 25.3.2.20-1 on CBL Mariner 2.0 azl3 erlang 26.2.5.11-1 on Azure Linux 3.0 azl3 perl 5.38.2-507 on Azure Linux 3.0 cbl2 golang 1.22.7-3 on CBL Mariner 2.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 cbl2 msft-golang 1.24.1-2 on CBL Mariner 2.0 cbl2 golang 1.18.8-7 on CBL Mariner 2.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 golang 1.23.9-1 on Azure Linux 3.0 cbl2 telegraf 1.29.4-16 on CBL Mariner 2.0 cbl2 giflib 5.2.1-10 on CBL Mariner 2.0 cbl2 haproxy 2.4.24-1 on CBL Mariner 2.0 cbl2 libsoup 3.0.4-6 on CBL Mariner 2.0 cbl2 kernel 5.15.176.3-3 on CBL Mariner 2.0 cbl2 redis 6.2.18-3 on CBL Mariner 2.0 cbl2 redis 6.2.20-1 on CBL Mariner 2.0 cbl2 erlang 25.2-3 on CBL Mariner 2.0 cbl2 perl 5.34.1-490 on CBL Mariner 2.0 azl3 perl 5.38.2-508 on Azure Linux 3.0 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Outlook for Android Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Access 2016 (32-bit edition) Microsoft Access 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft OneNote 2016 (32-bit edition) Microsoft OneNote 2016 (64-bit edition) Windows Server 2016 Office Online Server Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft AutoUpdate for Mac Microsoft SharePoint Enterprise Server 2016 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Server 2019 Visual Studio Code Windows Admin Center Microsoft Edge (Chromium-based) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Azure Functions Remote Desktop client for Windows Desktop Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Edge for iOS SharePoint Server Subscription Edition Language Pack System Center Operations Manager 2019 System Center Operations Manager 2022 Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Azure Machine Learning Microsoft Office for Android Microsoft Office for Universal Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) ASP.NET Core 8.0 Microsoft Visual Studio 2022 version 17.8 Microsoft Visual Studio 2022 version 17.10 Azure Linux 3.0 x64 Azure Linux 3.0 ARM Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Power Automate for Desktop Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Azure Stack HCI OS 22H2 Azure Stack HCI OS 23H2 Windows Server 2025 Windows Server 2025 (Server Core installation) Microsoft Office LTSC for Mac 2024 Windows App Client for Windows Desktop System Center Operations Manager 2025 Microsoft Visual Studio 2022 version 17.12 Microsoft OneNote for Mac Azure Local Cluster Microsoft Visual Studio 2022 version 17.13 ASP.NET Core 9.0 Microsoft Dynamics 365 Business Central 2025 Wave 1 – Update 26.0 Microsoft Dynamics 365 Business Central 2024 Wave 2 – Update 25.6 Microsoft Dynamics 365 Business Central 2023 Wave 2 – Update 23.18 Microsoft Dynamics 365 Business Central Wave 1 2024 – Update 24.12 Windows Admin Center in Azure Portal System Center Service Manager 2019 System Center Service Manager 2022 System Center Service Manager 2025 System Center Orchestrator 2019 System Center Orchestrator 2022 System Center Orchestrator 2025 System Center Data Protection Manager 2019 System Center Data Protection Manager 2022 System Center Data Protection Manager 2025 System Center Virtual Machine Manager 2019 System Center Virtual Machine Manager 2022 System Center Virtual Machine Manager 2025 Visual Studio Tools for Applications (VSTA) 2019 Visual Studio Tools for Applications (VSTA) 2022 SQL Server Management Studio 20.2 VSTA 2022 SDK VSTA 2019 SDK Azure AI Bot Service Azure Virtual Desktop Dynamics 365 Customer Service cbl2 libdb 5.3.28-7 on CBL Mariner 2.0 cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.176.3-3 on CBL Mariner 2.0 cbl2 mysql 8.0.41-1 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 haproxy 2.4.24-1 on CBL Mariner 2.0 azl3 perl 5.38.2-507 on Azure Linux 3.0 azl3 kernel 6.6.82.1-1 on Azure Linux 3.0 azl3 kernel 6.6.78.1-3 on Azure Linux 3.0 azl3 valkey 8.0.2-1 on Azure Linux 3.0 azl3 mysql 8.0.41-1 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 rpm-ostree 2024.4-3 on Azure Linux 3.0 azl3 libcontainers-common 20240213-3 on Azure Linux 3.0 azl3 krb5 1.21.3-2 on Azure Linux 3.0 azl3 node-problem-detector 0.8.20-2 on Azure Linux 3.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 azl3 crash 8.0.4-3 on Azure Linux 3.0 cbl2 golang 1.22.7-3 on CBL Mariner 2.0 cbl2 golang 1.22.7-3 on CBL Mariner 2.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 cbl2 pgbouncer 1.16.1-1 on CBL Mariner 2.0 azl3 giflib 5.2.1-10 on Azure Linux 3.0 azl3 libdb 5.3.28-9 on Azure Linux 3.0 cbl2 php 8.1.32-1 on CBL Mariner 2.0 azl3 valkey 8.0.3-1 on Azure Linux 3.0 azl3 kernel 6.6.85.1-2 on Azure Linux 3.0 azl3 kube-vip-cloud-provider 0.0.10-4 on Azure Linux 3.0 azl3 helm 3.15.2-3 on Azure Linux 3.0 azl3 docker-compose 2.27.0-5 on Azure Linux 3.0 azl3 packer 1.9.5-9 on Azure Linux 3.0 azl3 prometheus-adapter 0.12.0-3 on Azure Linux 3.0 azl3 cf-cli 8.7.11-3 on Azure Linux 3.0 azl3 gh 2.62.0-8 on Azure Linux 3.0 azl3 kubevirt 1.2.0-17 on Azure Linux 3.0 azl3 kubernetes 1.30.10-7 on Azure Linux 3.0 azl3 sriov-network-device-plugin 3.7.0-4 on Azure Linux 3.0 azl3 ig 0.37.0-4 on Azure Linux 3.0 azl3 telegraf 1.31.0-10 on Azure Linux 3.0 azl3 influxdb 2.7.5-5 on Azure Linux 3.0 azl3 multus 4.0.2-5 on Azure Linux 3.0 azl3 containerized-data-importer 1.57.0-14 on Azure Linux 3.0 azl3 keda 2.14.1-7 on Azure Linux 3.0 azl3 cni-plugins 1.4.0-3 on Azure Linux 3.0 cbl2 pgbouncer 1.24.1-1 on CBL Mariner 2.0 azl3 pgbouncer 1.24.1-1 on Azure Linux 3.0 azl3 erlang 26.2.5.9-1 on Azure Linux 3.0 cbl2 libsoup 3.0.4-5 on CBL Mariner 2.0 azl3 libsoup 3.4.4-5 on Azure Linux 3.0 azl3 bcc 0.29.1-3 on Azure Linux 3.0 azl3 dwarves 1.25-2 on Azure Linux 3.0 azl3 libbpf 1.2.2-2 on Azure Linux 3.0 azl3 pytorch 2.2.2-7 on Azure Linux 3.0 azl3 application-gateway-kubernetes-ingress 1.7.7-2 on Azure Linux 3.0 cbl2 telegraf 1.29.4-15 on CBL Mariner 2.0 azl3 telegraf 1.31.0-9 on Azure Linux 3.0 azl3 xz 5.4.4-2 on Azure Linux 3.0 cbl2 giflib 5.2.1-9 on CBL Mariner 2.0 azl3 giflib 5.2.1-9 on Azure Linux 3.0 azl3 fluent-bit 3.1.9-4 on Azure Linux 3.0 azl3 libsoup 3.4.4-6 on Azure Linux 3.0 azl3 libxml2 2.11.5-5 on Azure Linux 3.0 cbl2 erlang 25.3.2.20-1 on CBL Mariner 2.0 azl3 erlang 26.2.5.11-1 on Azure Linux 3.0 cbl2 pytorch 2.0.0-8 on CBL Mariner 2.0 azl3 pytorch 2.2.2-6 on Azure Linux 3.0 azl3 haproxy 2.9.11-3 on Azure Linux 3.0 azl3 openssh 9.8p1-4 on Azure Linux 3.0 cbl2 libsoup 3.0.4-3 on CBL Mariner 2.0 azl3 libsoup 3.4.4-3 on Azure Linux 3.0 azl3 libsoup 3.4.4-4 on Azure Linux 3.0 cbl2 libsoup 3.0.4-4 on CBL Mariner 2.0 azl3 kernel 6.6.92.2-1 on Azure Linux 3.0 azl3 ceph 18.2.2-10 on Azure Linux 3.0 cbl2 mysql 8.0.42-1 on CBL Mariner 2.0 cm2 libsoup 3.0.4-7 on CBL Mariner 2.0 cm2 glib 2.71.0-5 on CBL Mariner 2.0 azl3 mysql 8.0.42-1 on Azure Linux 3.0 azl3 cert-manager 1.12.15-4 on Azure Linux 3.0 azl3 libsoup 3.4.4-7 on Azure Linux 3.0 azl3 glib 2.78.6-2 on Azure Linux 3.0 azl3 containerd2 2.0.0-12 on Azure Linux 3.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 azl3 golang 1.23.9-1 on Azure Linux 3.0 cbl2 sriov-network-device-plugin 3.6.2-9 on CBL Mariner 2.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 cbl2 vitess 17.0.7-8 on CBL Mariner 2.0 cbl2 kernel 5.15.176.3-3 on CBL Mariner 2.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 msft-golang 1.24.1-2 on CBL Mariner 2.0 azl3 kernel 6.6.85.1-4 on Azure Linux 3.0 cbl2 golang 1.22.7-3 on CBL Mariner 2.0 cbl2 cri-tools 1.29.0-6 on CBL Mariner 2.0 cbl2 sqlite 3.39.2-3 on CBL Mariner 2.0 cbl2 kubernetes 1.28.4-18 on CBL Mariner 2.0 cbl2 kubevirt 0.59.0-28 on CBL Mariner 2.0 cbl2 golang 1.18.8-7 on CBL Mariner 2.0 cbl2 fluent-bit 3.0.6-2 on CBL Mariner 2.0 cbl2 mysql 8.0.41-1 on CBL Mariner 2.0 cbl2 glib 2.71.0-5 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-16 on CBL Mariner 2.0 cbl2 packer 1.9.5-13 on CBL Mariner 2.0 cbl2 pytorch 2.0.0-9 on CBL Mariner 2.0 cbl2 perl 5.34.1-490 on CBL Mariner 2.0 cbl2 helm 3.14.2-6 on CBL Mariner 2.0 cbl2 cni-plugins 1.3.0-8 on CBL Mariner 2.0 azl3 xdp-tools 1.4.2-1 on Azure Linux 3.0 azl3 cloud-provider-kubevirt 0.5.1-1 on Azure Linux 3.0 azl3 dasel 2.8.1-2 on Azure Linux 3.0 cbl2 erlang 25.2-3 on CBL Mariner 2.0 azl3 python-cryptography 42.0.5-3 on Azure Linux 3.0 cbl2 krb5 1.19.4-3 on CBL Mariner 2.0 cbl2 busybox 1.35.0-14 on CBL Mariner 2.0 cbl2 libsoup 3.0.4-6 on CBL Mariner 2.0 cbl2 libdb 5.3.28-7 on CBL Mariner 2.0 cbl2 php 8.1.32-1 on CBL Mariner 2.0 cbl2 rubygem-elasticsearch 8.3.0-1 on CBL Mariner 2.0 cbl2 libsoup 3.0.4-7 on CBL Mariner 2.0 azl3 rubygem-elasticsearch 8.9.0-1 on Azure Linux 3.0 azl3 libsoup 3.4.4-9 on Azure Linux 3.0 cbl2 openssh 8.9p1-8 on CBL Mariner 2.0 cbl2 giflib 5.2.1-10 on CBL Mariner 2.0 cbl2 haproxy 2.4.24-1 on CBL Mariner 2.0 cbl2 libbpf 1.0.1-2 on CBL Mariner 2.0 cbl2 libxml2 2.10.4-7 on CBL Mariner 2.0 cbl2 cert-manager 1.11.2-23 on CBL Mariner 2.0 azl3 sqlite 3.44.0-1 on Azure Linux 3.0 azl3 perl 5.38.2-508 on Azure Linux 3.0 azl3 pgbouncer 1.20.1-1 on Azure Linux 3.0 cbl2 pgbouncer 1.16.1-1 on CBL Mariner 2.0 azl3 cri-tools 1.32.0-2 on Azure Linux 3.0 azl3 docker-buildx 0.14.0-6 on Azure Linux 3.0 cbl2 multus 4.0.2-8 on CBL Mariner 2.0 cbl2 nvidia-container-toolkit 1.17.8-1 on CBL Mariner 2.0 azl3 nvidia-container-toolkit 1.17.8-1 on Azure Linux 3.0 azl3 libglvnd 1.7.0-3 on Azure Linux 3.0 azl3 busybox 1.36.1-14 on Azure Linux 3.0 cbl2 redis 6.2.18-3 on CBL Mariner 2.0 cbl2 libsoup 3.0.4-9 on CBL Mariner 2.0 cbl2 fluent-bit 3.0.6-3 on CBL Mariner 2.0 cbl2 cert-manager 1.11.2-24 on CBL Mariner 2.0 cbl2 cri-tools 1.29.0-8 on CBL Mariner 2.0 cbl2 nvidia-container-toolkit 1.17.8-3 on CBL Mariner 2.0 cbl2 krb5 1.19.4-4 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-17 on CBL Mariner 2.0 cbl2 ruby 3.1.7-3 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-2 on Azure Linux 3.0 azl3 fluent-bit 3.1.9-5 on Azure Linux 3.0 azl3 busybox 1.36.1-15 on Azure Linux 3.0 azl3 nvidia-container-toolkit 1.17.8-2 on Azure Linux 3.0 azl3 apparmor 3.1.7-1 on Azure Linux 3.0 cbl2 fluent-bit 3.0.6-4 on CBL Mariner 2.0 cbl2 redis 6.2.20-1 on CBL Mariner 2.0 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 azl3 ceph 18.2.2-11 on Azure Linux 3.0 azl3 fluent-bit 3.1.9-6 on Azure Linux 3.0 azl3 busybox 1.36.1-17 on Azure Linux 3.0 cbl2 libsoup 3.0.4-10 on CBL Mariner 2.0 azl3 kernel 6.6.112.1-2 on Azure Linux 3.0 azl3 libsoup 3.4.4-10 on Azure Linux 3.0 azl3 busybox 1.36.1-18 on Azure Linux 3.0 azl3 ruby 3.3.5-6 on Azure Linux 3.0 cbl2 fluent-bit 3.0.6-6 on CBL Mariner 2.0 azl3 kernel 6.6.117.1-1 on Azure Linux 3.0 azl3 ceph 18.2.2-12 on Azure Linux 3.0 azl3 fluent-bit 3.1.10-2 on Azure Linux 3.0 azl3 telegraf 1.31.0-11 on Azure Linux 3.0 azl3 busybox 1.36.1-19 on Azure Linux 3.0 cbl2 cert-manager 1.11.2-25 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-18 on CBL Mariner 2.0 azl3 kernel 6.6.119.3-1 on Azure Linux 3.0 azl3 telegraf 1.31.0-12 on Azure Linux 3.0 azl3 libsoup 3.4.4-11 on Azure Linux 3.0 azl3 fluent-bit 3.1.10-4 on Azure Linux 3.0 azl3 kernel 6.6.119.3-3 on Azure Linux 3.0 azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 cbl2 busybox 1.35.0-16 on CBL Mariner 2.0 azl3 busybox 1.36.1-21 on Azure Linux 3.0 cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0 cbl2 libsoup 3.0.4-12 on CBL Mariner 2.0 cbl2 busybox 1.35.0-18 on CBL Mariner 2.0 cbl2 cert-manager 1.11.2-27 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-21 on CBL Mariner 2.0 azl3 kernel 6.6.126.1-1 on Azure Linux 3.0 azl3 libsoup 3.4.4-12 on Azure Linux 3.0 azl3 telegraf 1.31.0-15 on Azure Linux 3.0 azl3 busybox 1.36.1-22 on Azure Linux 3.0 cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.130.1-3 on Azure Linux 3.0 azl3 busybox 1.36.1-23 on Azure Linux 3.0 azl3 libsoup 3.4.4-14 on Azure Linux 3.0 cbl2 libsoup 3.0.4-13 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-22 on CBL Mariner 2.0 azl3 telegraf 1.31.0-17 on Azure Linux 3.0 azl3 libsoup 3.4.4-15 on Azure Linux 3.0 azl3 kernel 6.6.134.1-2 on Azure Linux 3.0 azl3 telegraf 1.31.0-19 on Azure Linux 3.0 azl3 fluent-bit 3.1.10-6 on Azure Linux 3.0 azl3 kernel 6.6.137.1-2 on Azure Linux 3.0 azl3 kernel 6.6.138.1-1 on Azure Linux 3.0 azl3 kernel 6.6.139.1-1 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab` <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-25588 Use of Uninitialized Variable 18344-17084 18344-17084 Moderate 18344-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 18344-17084 CBL-Mariner Releases 18344-17084 No Security Update 8.0.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18344-17084 CBL-Mariner Releases 1.0 2025-04-23T00:00:00 <p>Information published.</p> 2.1 2026-02-18T01:32:14 <p>Information published.</p> 2.0 2025-04-26T00:00:00 <p>Information published.</p> Out of bounds read in parse_module function in bfd/vms-alpha.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-25584 Out-of-bounds Read 18344-17084 18344-17084 Important 18344-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H 18344-17084 CBL-Mariner Releases 18344-17084 No Security Update 8.0.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18344-17084 CBL-Mariner Releases 1.0 2025-04-23T00:00:00 <p>Information published.</p> 2.1 2026-02-18T01:32:55 <p>Information published.</p> 2.0 2025-04-26T00:00:00 <p>Information published.</p> Field `file_table` of `struct module *module` is uninitialized <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2023-25585 Use of Uninitialized Variable 18344-17084 18344-17084 Moderate 18344-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 18344-17084 CBL-Mariner Releases 18344-17084 No Security Update 8.0.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18344-17084 CBL-Mariner Releases 1.0 2025-04-23T00:00:00 <p>Information published.</p> 2.0 2025-04-26T00:00:00 <p>Information published.</p> 2.1 2026-02-18T01:29:28 <p>Information published.</p> ftrace: Avoid potential division by zero in function_stat_show() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21898 Divide By Zero 17095-16823 19705-17086 17099-17086 17095-16823 19705-17086 17099-17086 Moderate 17095-16823 19705-17086 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 17095-16823 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 19705-17086 17099-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:46:50 <p>Information published.</p> wifi: iwlwifi: limit printed string from FW file <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21905 Out-of-bounds Read 19705-17086 17095-16823 19288-17084 17465-17084 17099-17086 19705-17086 17095-16823 19288-17084 17465-17084 17099-17086 19705-17086 Moderate 17095-16823 Moderate 19288-17084 Moderate 17465-17084 Moderate 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17095-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 19705-17086 17095-16823 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17095-16823 17099-17086 CBL-Mariner Releases CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:43:05 <p>Information published.</p> NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21908 19288-17084 17465-17084 19288-17084 17465-17084 Moderate 19288-17084 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> usb: typec: ucsi: Fix NULL pointer access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21918 NULL Pointer Dereference 17465-17084 19288-17084 17465-17084 19288-17084 17465-17084 Moderate 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> sched/fair: Fix potential memory corruption in child_cfs_rq_on_list <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21919 Out-of-bounds Write 17099-17086 17095-16823 19288-17084 17465-17084 19705-17086 17099-17086 17095-16823 19288-17084 17465-17084 19705-17086 Important 17099-17086 Important 17095-16823 Important 19288-17084 Important 17465-17084 19705-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17099-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19288-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17465-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19705-17086 CBL-Mariner Releases 17099-17086 17095-16823 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-17086 17095-16823 19705-17086 CBL-Mariner Releases CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases 2.0 2026-02-18T02:25:05 <p>Information published.</p> 1.0 2025-05-05T00:00:00 <p>Information published.</p> ppp: Fix KMSAN uninit-value warning with bpf <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21922 19705-17086 17099-17086 17095-16823 19288-17084 17465-17084 19705-17086 17099-17086 17095-16823 19288-17084 17465-17084 19705-17086 17099-17086 Moderate 17095-16823 Moderate 19288-17084 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 CBL-Mariner Releases 19705-17086 17099-17086 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:30:15 <p>Information published.</p> HID: hid-steam: Fix use-after-free when detaching device <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21923 Use After Free 17465-17084 19288-17084 17465-17084 19288-17084 Important 17465-17084 Important 19288-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17465-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19288-17084 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:31:21 <p>Information published.</p> rapidio: fix an API misues when rio_add_net() fails <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21934 Use After Free 19705-17086 17095-16823 19288-17084 17465-17084 17099-17086 19705-17086 17095-16823 19288-17084 17465-17084 17099-17086 19705-17086 Important 17095-16823 Important 19288-17084 Important 17465-17084 Important 17099-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19705-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19288-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17465-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17099-17086 CBL-Mariner Releases 19705-17086 17095-16823 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17095-16823 17099-17086 CBL-Mariner Releases CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:11:32 <p>Information published.</p> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21937 17465-17084 19288-17084 17465-17084 19288-17084 17465-17084 Moderate 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21941 NULL Pointer Dereference 19705-17086 17465-17084 17099-17086 17095-16823 19288-17084 19705-17086 17465-17084 17099-17086 17095-16823 19288-17084 19705-17086 17465-17084 17099-17086 Moderate 17095-16823 Moderate 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 CBL-Mariner Releases 19705-17086 17099-17086 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases 2.0 2026-02-18T01:58:00 <p>Information published.</p> 1.0 2025-05-05T00:00:00 <p>Information published.</p> HID: appleir: Fix potential NULL dereference at raw event handle <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21948 NULL Pointer Dereference 17465-17084 17099-17086 17095-16823 19288-17084 19705-17086 17465-17084 17099-17086 17095-16823 19288-17084 19705-17086 17465-17084 17099-17086 Moderate 17095-16823 Moderate 19288-17084 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases CBL-Mariner Releases 17099-17086 17095-16823 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-17086 17095-16823 19705-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:33:21 <p>Information published.</p> bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21951 Improper Locking 17465-17084 17095-16823 19288-17084 19705-17086 17099-17086 17465-17084 17095-16823 19288-17084 19705-17086 17099-17086 17465-17084 Moderate 17095-16823 Moderate 19288-17084 19705-17086 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases CBL-Mariner Releases 17095-16823 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 19705-17086 17099-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:23:46 <p>Information published.</p> cifs: Fix integer overflow while processing closetimeo mount option <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21962 17465-17084 19705-17086 17095-16823 19288-17084 17099-17086 17465-17084 19705-17086 17095-16823 19288-17084 17099-17086 17465-17084 19705-17086 Moderate 17095-16823 Moderate 19288-17084 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases CBL-Mariner Releases 19705-17086 17095-16823 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17095-16823 17099-17086 CBL-Mariner Releases 2.0 2026-02-21T02:35:04 <p>Information published.</p> 1.0 2025-05-05T00:00:00 <p>Information published.</p> cifs: Fix integer overflow while processing acdirmax mount option <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21963 Integer Overflow or Wraparound 17465-17084 17095-16823 19288-17084 19705-17086 17099-17086 17465-17084 17095-16823 19288-17084 19705-17086 17099-17086 17465-17084 Moderate 17095-16823 Moderate 19288-17084 19705-17086 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases CBL-Mariner Releases 17095-16823 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 19705-17086 17099-17086 CBL-Mariner Releases 2.0 2026-02-21T02:32:28 <p>Information published.</p> 1.0 2025-05-05T00:00:00 <p>Information published.</p> dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21966 Out-of-bounds Write 17465-17084 19288-17084 17465-17084 19288-17084 Moderate 17465-17084 Moderate 19288-17084 6.7 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 17465-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19288-17084 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:31:03 <p>Information published.</p> Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21969 Use After Free 17087-17086 20925-17086 21093-17086 19288-17084 17465-17084 17087-17086 20925-17086 21093-17086 19288-17084 17465-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 19288-17084 Moderate 17465-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 17087-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 20925-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19288-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 17465-17084 CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-03-03T15:01:08 <p>Information published.</p> 3.0 2026-03-31T14:45:58 <p>Information published.</p> 1.1 2026-02-18T03:10:12 <p>Information published.</p> sched: address a potential NULL pointer dereference in the GRED scheduler. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21980 NULL Pointer Dereference 17465-17084 19288-17084 17465-17084 19288-17084 17465-17084 Moderate 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21991 Improper Validation of Array Index 17465-17084 18490-17086 17095-16823 19288-17084 19682-17086 17465-17084 18490-17086 17095-16823 19288-17084 19682-17086 Important 17465-17084 Important 18490-17086 Important 17095-16823 Important 19288-17084 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17465-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19288-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases CBL-Mariner Releases 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:10:04 <p>Information published.</p> iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21993 Out-of-bounds Read 19682-17086 18490-17086 17095-16823 19288-17084 17465-17084 19682-17086 18490-17086 17095-16823 19288-17084 17465-17084 19682-17086 Important 18490-17086 Important 17095-16823 Important 19288-17084 Important 17465-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19682-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18490-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17095-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19288-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17465-17084 CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases CBL-Mariner Releases 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:01:52 <p>Information published.</p> xsk: fix an integer overflow in xp_create_and_assign_umem() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21997 Integer Overflow or Wraparound 17465-17084 19288-17084 17465-17084 19288-17084 17465-17084 Moderate 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> proc: fix UAF in proc_get_inode() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21999 17095-16823 19288-17084 19682-17086 17465-17084 18490-17086 17095-16823 19288-17084 19682-17086 17465-17084 18490-17086 Important 17095-16823 Important 19288-17084 19682-17086 Important 17465-17084 Important 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19288-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17465-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 CBL-Mariner Releases 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:26:05 <p>Information published.</p> net: atm: fix use after free in lec_send() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22004 Use After Free 19682-17086 18490-17086 17095-16823 19288-17084 17465-17084 19682-17086 18490-17086 17095-16823 19288-17084 17465-17084 19682-17086 Important 18490-17086 Important 17095-16823 Important 19288-17084 Important 17465-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19288-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17465-17084 CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases CBL-Mariner Releases 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:24:52 <p>Information published.</p> ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22005 Missing Release of Memory after Effective Lifetime 17465-17084 19288-17084 17465-17084 19288-17084 17465-17084 Moderate 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> RDMA/hns: Fix soft lockup during bt pages loop <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22010 Improper Locking 17095-16823 19288-17084 19682-17086 17465-17084 18490-17086 17095-16823 19288-17084 19682-17086 17465-17084 18490-17086 Moderate 17095-16823 Moderate 19288-17084 19682-17086 17465-17084 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:54:15 <p>Information published.</p> soc: qcom: pdr: Fix the potential deadlock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22014 19682-17086 17465-17084 17095-16823 19288-17084 18490-17086 19682-17086 17465-17084 17095-16823 19288-17084 18490-17086 19682-17086 17465-17084 Moderate 17095-16823 Moderate 19288-17084 18490-17086 CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases CBL-Mariner Releases 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:03:17 <p>Information published.</p> netfilter: nft_tunnel: fix geneve_opt type confusion addition <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22056 Out-of-bounds Write 19705-17086 19734-17084 17099-17086 17095-16823 19705-17086 19734-17084 17099-17086 17095-16823 19705-17086 Important 19734-17084 Important 17099-17086 Important 17095-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19705-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19734-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17099-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-16823 CBL-Mariner Releases 19705-17086 17099-17086 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 2.0 2025-07-11T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> 3.0 2026-02-21T04:07:29 <p>Information published.</p> 1.0 2025-05-05T00:00:00 <p>Information published.</p> netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22063 NULL Pointer Dereference 19734-17084 19705-17086 17095-16823 17099-17086 19734-17084 19705-17086 17095-16823 17099-17086 Moderate 19734-17084 19705-17086 Moderate 17095-16823 Moderate 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases CBL-Mariner Releases 19705-17086 17095-16823 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17095-16823 17099-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> 3.0 2026-02-21T04:13:37 <p>Information published.</p> drm/vkms: Fix use after free and double free on init error <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22097 19734-17084 17099-17086 17095-16823 19705-17086 19734-17084 17099-17086 17095-16823 19705-17086 Important 19734-17084 Important 17099-17086 Important 17095-16823 19705-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19734-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17099-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19705-17086 CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases CBL-Mariner Releases 17099-17086 17095-16823 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-17086 17095-16823 19705-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> 3.0 2026-02-21T03:50:46 <p>Information published.</p> Request smuggling due to acceptance of invalid chunked data in net/http <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-22871 19747-17086 18447-17086 18444-17086 18444-16823 19718-17086 19712-17086 19697-17084 19730-17086 19785-17086 19668-17086 17667-17084 18315-17084 19693-17084 19679-17084 19747-17086 18447-17086 18444-17086 18444-16823 19718-17086 19712-17086 19697-17084 19730-17086 19785-17086 19668-17086 17667-17084 18315-17084 19693-17084 19679-17084 19747-17086 Important 18447-17086 Important 18444-17086 Important 18444-16823 19718-17086 Important 19712-17086 Important 19697-17084 Important 19730-17086 Important 19785-17086 Important 19668-17086 Important 17667-17084 Important 18315-17084 Important 19693-17084 Important 19679-17084 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 19747-17086 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 18447-17086 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 18444-17086 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 18444-16823 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 19718-17086 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N 19712-17086 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 19697-17084 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 19730-17086 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 19785-17086 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 19668-17086 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 17667-17084 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 18315-17084 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N 19693-17084 8.2 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 19679-17084 CBL-Mariner Releases 19747-17086 18444-17086 18444-16823 No Security Update 1.22.7-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19747-17086 18444-17086 18444-16823 CBL-Mariner Releases CBL-Mariner Releases 19730-17086 No Security Update 1.24.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19730-17086 CBL-Mariner Releases CBL-Mariner Releases 19785-17086 No Security Update 1.18.8-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19785-17086 CBL-Mariner Releases 3.0 2026-02-21T02:23:18 <p>Information published.</p> 1.0 2025-04-18T00:00:00 <p>Information published.</p> 2.0 2025-04-26T00:00:00 <p>Information published.</p> Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-22872 20303-17084 20305-17084 20252-17086 19609-17084 19969-17086 18211-17084 19594-17084 19963-17086 20312-17086 19939-17086 19680-17086 20382-17086 20433-17084 19332-17084 19333-17084 19334-17084 19335-17084 19336-17084 19337-17084 19338-17084 19339-17084 19340-17084 19341-17084 19342-17084 19343-17084 19344-17084 19345-17084 19346-17084 19347-17084 19348-17084 17793-17084 19426-17084 19761-17086 20001-17084 19782-17086 19754-17086 19698-17086 19945-17086 20004-17084 20319-17086 20321-17084 20383-17086 20303-17084 20305-17084 20252-17086 19609-17084 19969-17086 18211-17084 19594-17084 19963-17086 20312-17086 19939-17086 19680-17086 20382-17086 20433-17084 19332-17084 19333-17084 19334-17084 19335-17084 19336-17084 19337-17084 19338-17084 19339-17084 19340-17084 19341-17084 19342-17084 19343-17084 19344-17084 19345-17084 19346-17084 19347-17084 19348-17084 17793-17084 19426-17084 19761-17086 20001-17084 19782-17086 19754-17086 19698-17086 19945-17086 20004-17084 20319-17086 20321-17084 20383-17086 Moderate 20303-17084 Moderate 20305-17084 Moderate 20252-17086 Moderate 19609-17084 Moderate 19969-17086 Moderate 18211-17084 Moderate 19594-17084 Moderate 19963-17086 Moderate 20312-17086 Moderate 19939-17086 Moderate 19680-17086 Moderate 20382-17086 Moderate 20433-17084 Moderate 19332-17084 Moderate 19333-17084 Moderate 19334-17084 Moderate 19335-17084 Moderate 19336-17084 Moderate 19337-17084 Moderate 19338-17084 Moderate 19339-17084 Moderate 19340-17084 Moderate 19341-17084 Moderate 19342-17084 Moderate 19343-17084 Moderate 19344-17084 Moderate 19345-17084 Moderate 19346-17084 Moderate 19347-17084 Moderate 19348-17084 Moderate 17793-17084 Moderate 19426-17084 Moderate 19761-17086 Moderate 20001-17084 Moderate 19782-17086 19754-17086 Moderate 19698-17086 Moderate 19945-17086 Moderate 20004-17084 20319-17086 20321-17084 Moderate 20383-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 20303-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 20305-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 20252-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19609-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19969-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 18211-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19594-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19963-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 20312-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19939-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19680-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 20382-17086 6.5 5.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 20433-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19332-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19333-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19334-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19335-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19336-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19337-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19338-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19339-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19340-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19341-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19342-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19343-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19344-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19345-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19346-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19347-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19348-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 17793-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19426-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19761-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 20001-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19782-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19754-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19698-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19945-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 20004-17084 6.5 5.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 20319-17086 6.5 5.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 20321-17084 6.5 5.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 20383-17086 CBL-Mariner Releases 20303-17084 No Security Update 1.32.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20303-17084 CBL-Mariner Releases CBL-Mariner Releases 20305-17084 No Security Update 0.14.0-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20305-17084 CBL-Mariner Releases CBL-Mariner Releases 20252-17086 No Security Update 1.11.2-23 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20252-17086 CBL-Mariner Releases CBL-Mariner Releases 19609-17084 No Security Update 2.0.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19609-17084 CBL-Mariner Releases CBL-Mariner Releases 19969-17086 No Security Update 1.3.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19969-17086 CBL-Mariner Releases CBL-Mariner Releases 19594-17084 No Security Update 1.12.15-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19594-17084 CBL-Mariner Releases CBL-Mariner Releases 19963-17086 No Security Update 3.14.2-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19963-17086 CBL-Mariner Releases CBL-Mariner Releases 20312-17086 No Security Update 4.0.2-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20312-17086 CBL-Mariner Releases CBL-Mariner Releases 19939-17086 No Security Update 1.29.4-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19939-17086 CBL-Mariner Releases CBL-Mariner Releases 19680-17086 No Security Update 3.6.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19680-17086 CBL-Mariner Releases CBL-Mariner Releases 20382-17086 No Security Update 1.29.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20382-17086 CBL-Mariner Releases CBL-Mariner Releases 20433-17084 20319-17086 20321-17084 No Security Update 1.17.8-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20433-17084 20319-17086 20321-17084 CBL-Mariner Releases CBL-Mariner Releases 19332-17084 No Security Update 0.0.10-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19332-17084 CBL-Mariner Releases CBL-Mariner Releases 19333-17084 No Security Update 3.15.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19333-17084 CBL-Mariner Releases CBL-Mariner Releases 19334-17084 No Security Update 2.27.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19334-17084 CBL-Mariner Releases CBL-Mariner Releases 19335-17084 No Security Update 1.9.5-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19335-17084 CBL-Mariner Releases CBL-Mariner Releases 19336-17084 No Security Update 0.12.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19336-17084 CBL-Mariner Releases CBL-Mariner Releases 19337-17084 No Security Update 8.7.11-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19337-17084 CBL-Mariner Releases CBL-Mariner Releases 19338-17084 No Security Update 2.62.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19338-17084 CBL-Mariner Releases CBL-Mariner Releases 19339-17084 No Security Update 1.2.0-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19339-17084 CBL-Mariner Releases CBL-Mariner Releases 19340-17084 No Security Update 1.30.10-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19340-17084 CBL-Mariner Releases CBL-Mariner Releases 19341-17084 No Security Update 3.7.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19341-17084 CBL-Mariner Releases CBL-Mariner Releases 19342-17084 No Security Update 0.37.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19342-17084 CBL-Mariner Releases CBL-Mariner Releases 19343-17084 No Security Update 1.31.0-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19343-17084 CBL-Mariner Releases CBL-Mariner Releases 19344-17084 No Security Update 2.7.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19344-17084 CBL-Mariner Releases CBL-Mariner Releases 19345-17084 No Security Update 4.0.2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19345-17084 CBL-Mariner Releases CBL-Mariner Releases 19346-17084 No Security Update 1.57.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19346-17084 CBL-Mariner Releases CBL-Mariner Releases 19347-17084 No Security Update 2.14.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19347-17084 CBL-Mariner Releases CBL-Mariner Releases 19348-17084 No Security Update 1.4.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19348-17084 CBL-Mariner Releases CBL-Mariner Releases 19761-17086 No Security Update 1.28.4-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19761-17086 CBL-Mariner Releases CBL-Mariner Releases 19782-17086 No Security Update 0.59.0-28 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19782-17086 CBL-Mariner Releases CBL-Mariner Releases 19754-17086 No Security Update 1.29.0-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19754-17086 CBL-Mariner Releases CBL-Mariner Releases 19698-17086 No Security Update 17.0.7-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19698-17086 CBL-Mariner Releases CBL-Mariner Releases 19945-17086 No Security Update 1.9.5-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19945-17086 CBL-Mariner Releases CBL-Mariner Releases 20004-17084 No Security Update 2.8.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20004-17084 CBL-Mariner Releases CBL-Mariner Releases 20383-17086 No Security Update 1.17.8-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20383-17086 CBL-Mariner Releases 1.0 2025-04-29T00:00:00 <p>Information published.</p> 3.0 2025-05-27T00:00:00 <p>Information published.</p> 4.0 2025-06-06T00:00:00 <p>Added packer to CBL-Mariner 2.0 Added cni-plugins to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added cni-plugins to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added gh to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added keda to Azure Linux 3.0</p> 5.0 2025-07-10T00:00:00 <p>Added cert-manager to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added kubernetes to CBL-Mariner 2.0 Added multus to CBL-Mariner 2.0 Added telegraf to CBL-Mariner 2.0 Added vitess to CBL-Mariner 2.0 Added packer to CBL-Mariner 2.0 Added cni-plugins to CBL-Mariner 2.0 Added kubevirt to CBL-Mariner 2.0 Added sriov-network-device-plugin to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added containerd2 to Azure Linux 3.0 Added dasel to Azure Linux 3.0 Added docker-buildx to Azure Linux 3.0 Added cni-plugins to Azure Linux 3.0 Added helm to Azure Linux 3.0 Added ig to Azure Linux 3.0 Added influxdb to Azure Linux 3.0 Added kubernetes to Azure Linux 3.0 Added kubevirt to Azure Linux 3.0 Added multus to Azure Linux 3.0 Added telegraf to Azure Linux 3.0 Added cf-cli to Azure Linux 3.0 Added containerized-data-importer to Azure Linux 3.0 Added docker-compose to Azure Linux 3.0 Added gh to Azure Linux 3.0 Added kube-vip-cloud-provider to Azure Linux 3.0 Added packer to Azure Linux 3.0 Added prometheus-adapter to Azure Linux 3.0 Added sriov-network-device-plugin to Azure Linux 3.0 Added keda to Azure Linux 3.0</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> 5.1 2026-02-21T03:17:13 <p>Information published.</p> Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-2784 Out-of-bounds Read 20113-17086 19446-17084 19401-16823 19402-17084 20113-17086 19446-17084 19401-16823 19402-17084 Important 20113-17086 Important 19446-17084 Important 19401-16823 Important 19402-17084 7.0 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H 20113-17086 7.0 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H 19446-17084 7.0 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H 19401-16823 7.0 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H 19402-17084 CBL-Mariner Releases 20113-17086 19401-16823 No Security Update 3.0.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20113-17086 19401-16823 CBL-Mariner Releases CBL-Mariner Releases 19446-17084 19402-17084 No Security Update 3.4.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19446-17084 19402-17084 CBL-Mariner Releases 1.0 2025-05-06T00:00:00 <p>Information published.</p> 1.1 2025-06-20T00:00:00 <p>Added libsoup to CBL-Mariner 2.0 Added libsoup to Azure Linux 3.0</p> 1.2 2026-02-18T02:15:09 <p>Information published.</p> NATS-Server Fails to Authorize Certain Jetstream Admin APIs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-30215 Missing Authentication for Critical Function 19939-17086 19437-16823 19438-17084 19343-17084 19939-17086 19437-16823 19438-17084 19343-17084 Critical 19939-17086 Critical 19437-16823 Critical 19438-17084 Critical 19343-17084 9.6 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 19939-17086 9.6 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 19437-16823 9.6 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 19438-17084 9.6 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 19343-17084 CBL-Mariner Releases 19939-17086 19437-16823 No Security Update 1.29.4-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19939-17086 19437-16823 CBL-Mariner Releases CBL-Mariner Releases 19438-17084 19343-17084 No Security Update 1.31.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19438-17084 19343-17084 CBL-Mariner Releases 1.0 2025-04-22T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:56:08 <p>Information published.</p> XZ has a heap-use-after-free bug in threaded .xz decoder <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-31115 Race Condition within a Thread 19442-17084 19442-17084 Important 19442-17084 CBL-Mariner Releases 19442-17084 No Security Update 5.4.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19442-17084 CBL-Mariner Releases 1.0 2025-04-11T00:00:00 <p>Information published.</p> The giflib open-source component has a buffer overflow vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner openEuler Yes CVE-2025-31344 Heap-based Buffer Overflow 20204-17086 19668-17086 19085-17084 19443-16823 19444-17084 17667-17084 20204-17086 19668-17086 19085-17084 19443-16823 19444-17084 17667-17084 Important 20204-17086 Important 19668-17086 Important 19085-17084 Important 19443-16823 Important 19444-17084 Important 17667-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 20204-17086 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 19668-17086 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 19085-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 19443-16823 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 19444-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 17667-17084 CBL-Mariner Releases 20204-17086 19085-17084 19443-16823 19444-17084 No Security Update 5.2.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20204-17086 19085-17084 19443-16823 19444-17084 CBL-Mariner Releases 1.0 2025-04-22T00:00:00 <p>Information published.</p> 1.1 2026-02-18T03:09:55 <p>Information published.</p> Libsoup: integer overflow in append_param_quoted <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32050 Buffer Under-read 19446-17084 20113-17086 19401-16823 19402-17084 19446-17084 20113-17086 19401-16823 19402-17084 Moderate 19446-17084 Moderate 20113-17086 Moderate 19401-16823 Moderate 19402-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19446-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20113-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19401-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19402-17084 CBL-Mariner Releases 19446-17084 19402-17084 No Security Update 3.4.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19446-17084 19402-17084 CBL-Mariner Releases CBL-Mariner Releases 20113-17086 19401-16823 No Security Update 3.0.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20113-17086 19401-16823 CBL-Mariner Releases 1.0 2025-05-06T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:17:07 <p>Information published.</p> Libsoup: segmentation fault when parsing malformed data uri <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32051 Improper Check for Unusual or Exceptional Conditions 20113-17086 19401-16823 19402-17084 19446-17084 20113-17086 19401-16823 19402-17084 19446-17084 Moderate 20113-17086 Moderate 19401-16823 Moderate 19402-17084 Moderate 19446-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20113-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19401-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19402-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19446-17084 CBL-Mariner Releases 20113-17086 19401-16823 No Security Update 3.0.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20113-17086 19401-16823 CBL-Mariner Releases CBL-Mariner Releases 19402-17084 19446-17084 No Security Update 3.4.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19402-17084 19446-17084 CBL-Mariner Releases 1.0 2025-05-06T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:11:01 <p>Information published.</p> Libsoup: heap buffer overflow in sniff_unknown() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32052 Buffer Over-read 20113-17086 19401-16823 19402-17084 19446-17084 20113-17086 19401-16823 19402-17084 19446-17084 Moderate 20113-17086 Moderate 19401-16823 Moderate 19402-17084 Moderate 19446-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 20113-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 19401-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 19402-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 19446-17084 CBL-Mariner Releases 20113-17086 19401-16823 No Security Update 3.0.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20113-17086 19401-16823 CBL-Mariner Releases CBL-Mariner Releases 19402-17084 19446-17084 No Security Update 3.4.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19402-17084 19446-17084 CBL-Mariner Releases 1.0 2025-05-06T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:12:33 <p>Information published.</p> Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-32386 Memory Allocation with Excessive Size Value 19594-17084 19333-17084 19963-17086 20252-17086 19594-17084 19333-17084 19963-17086 20252-17086 Moderate 19594-17084 Moderate 19333-17084 Moderate 19963-17086 Moderate 20252-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19594-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19333-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19963-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20252-17086 CBL-Mariner Releases 19594-17084 No Security Update 1.12.15-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19594-17084 CBL-Mariner Releases CBL-Mariner Releases 19333-17084 No Security Update 3.15.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19333-17084 CBL-Mariner Releases CBL-Mariner Releases 19963-17086 No Security Update 3.14.2-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19963-17086 CBL-Mariner Releases CBL-Mariner Releases 20252-17086 No Security Update 1.11.2-23 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20252-17086 CBL-Mariner Releases 2.1 2026-02-18T02:15:19 <p>Information published.</p> 1.0 2025-05-27T00:00:00 <p>Information published.</p> 2.0 2025-07-10T00:00:00 <p>Added cert-manager to CBL-Mariner 2.0 Added helm to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added helm to Azure Linux 3.0</p> In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-32414 Return of Wrong Status Code 20228-17086 19447-17084 20228-17086 19447-17084 Moderate 20228-17086 Moderate 19447-17084 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 20228-17086 5.6 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 19447-17084 CBL-Mariner Releases 20228-17086 No Security Update 2.10.4-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20228-17086 CBL-Mariner Releases CBL-Mariner Releases 19447-17084 No Security Update 2.11.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19447-17084 CBL-Mariner Releases 1.0 2025-05-27T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added libxml2 to CBL-Mariner 2.0 Added libxml2 to Azure Linux 3.0</p> 2.1 2026-02-21T02:34:56 <p>Information published.</p> PyTorch: `torch.load` with `weights_only=True` leads to remote code execution <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-32434 Deserialization of Untrusted Data 19949-17086 19450-16823 19451-17084 19407-17084 19949-17086 19450-16823 19451-17084 19407-17084 Critical 19949-17086 Critical 19450-16823 Critical 19451-17084 Critical 19407-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19949-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19450-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19451-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19407-17084 CBL-Mariner Releases 19949-17086 19450-16823 No Security Update 2.0.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19949-17086 19450-16823 CBL-Mariner Releases CBL-Mariner Releases 19451-17084 19407-17084 No Security Update 2.2.2-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19451-17084 19407-17084 CBL-Mariner Releases 1.0 2025-04-24T00:00:00 <p>Information published.</p> 3.1 2026-02-21T03:33:35 <p>Information published.</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2025-05-28T00:00:00 <p>Added pytorch to CBL-Mariner 2.0 Added pytorch to Azure Linux 3.0</p> HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-32464 Comparison Using Wrong Factors 17219-17086 19452-17084 20207-17086 17219-17086 19452-17084 20207-17086 Moderate 17219-17086 Moderate 19452-17084 20207-17086 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H 17219-17086 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H 19452-17084 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H 20207-17086 CBL-Mariner Releases 19452-17084 No Security Update 2.9.11-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19452-17084 CBL-Mariner Releases 2.0 2026-02-21T02:30:56 <p>Information published.</p> 1.0 2025-04-22T00:00:00 <p>Information published.</p> Libsoup: out of bounds reads in soup_headers_parse_request() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32906 Out-of-bounds Read 19446-17084 19454-16823 19455-17084 20113-17086 19446-17084 19454-16823 19455-17084 20113-17086 Important 19446-17084 Important 19454-16823 Important 19455-17084 Important 20113-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19446-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19454-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19455-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20113-17086 CBL-Mariner Releases 19446-17084 19455-17084 No Security Update 3.4.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19446-17084 19455-17084 CBL-Mariner Releases CBL-Mariner Releases 19454-16823 20113-17086 No Security Update 3.0.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19454-16823 20113-17086 CBL-Mariner Releases 1.0 2025-04-22T00:00:00 <p>Information published.</p> 2.0 2025-04-23T00:00:00 <p>Information published.</p> 2.1 2026-02-21T02:49:51 <p>Information published.</p> Libsoup: denial of service on libsoup through http/2 server <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32908 Misinterpretation of Input 19456-17084 19446-17084 19456-17084 19446-17084 Important 19456-17084 Important 19446-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19456-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19446-17084 CBL-Mariner Releases 19456-17084 19446-17084 No Security Update 3.4.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19456-17084 19446-17084 CBL-Mariner Releases 1.0 2025-04-29T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:55:03 <p>Information published.</p> Libsoup: null pointer dereference in client when server omits the "nonce" parameter in an unauthorized response with digest authentication <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32912 NULL Pointer Dereference 20186-17086 19455-17084 19446-17084 20186-17086 19455-17084 19446-17084 Moderate 20186-17086 Moderate 19455-17084 Moderate 19446-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20186-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19455-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19446-17084 CBL-Mariner Releases 20186-17086 No Security Update 3.0.4-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20186-17086 CBL-Mariner Releases CBL-Mariner Releases 19455-17084 19446-17084 No Security Update 3.4.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19455-17084 19446-17084 CBL-Mariner Releases 1.0 2025-04-23T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added libsoup to CBL-Mariner 2.0 Added libsoup to Azure Linux 3.0</p> 2.1 2026-02-21T02:57:17 <p>Information published.</p> Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32913 NULL Pointer Dereference 20113-17086 19454-16823 19455-17084 19446-17084 20113-17086 19454-16823 19455-17084 19446-17084 Important 20113-17086 Important 19454-16823 Important 19455-17084 Important 19446-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20113-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19454-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19455-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19446-17084 CBL-Mariner Releases 20113-17086 19454-16823 No Security Update 3.0.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20113-17086 19454-16823 CBL-Mariner Releases CBL-Mariner Releases 19455-17084 19446-17084 No Security Update 3.4.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19455-17084 19446-17084 CBL-Mariner Releases 1.0 2025-04-22T00:00:00 <p>Information published.</p> 2.0 2025-04-23T00:00:00 <p>Information published.</p> 2.1 2026-02-21T02:52:02 <p>Information published.</p> PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-3730 Improper Resource Shutdown or Release 19407-17084 19450-16823 19451-17084 19949-17086 19407-17084 19450-16823 19451-17084 19949-17086 Moderate 19407-17084 Moderate 19450-16823 Moderate 19451-17084 Moderate 19949-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19407-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19450-16823 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19451-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19949-17086 CBL-Mariner Releases 19407-17084 19451-17084 No Security Update 2.2.2-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19407-17084 19451-17084 CBL-Mariner Releases CBL-Mariner Releases 19450-16823 19949-17086 No Security Update 2.0.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19450-16823 19949-17086 CBL-Mariner Releases 1.0 2025-04-24T00:00:00 <p>Information published.</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2025-05-28T00:00:00 <p>Added pytorch to CBL-Mariner 2.0 Added pytorch to Azure Linux 3.0</p> 3.1 2026-02-21T03:26:45 <p>Information published.</p> ext4: fix OOB read when checking dotdot dir <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-37785 Out-of-bounds Read 19705-17086 19734-17084 17099-17086 17095-16823 19705-17086 19734-17084 17099-17086 17095-16823 19705-17086 Important 19734-17084 Important 17099-17086 Important 17095-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19705-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19734-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17099-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17095-16823 CBL-Mariner Releases 19705-17086 17099-17086 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> 3.0 2026-02-21T04:14:40 <p>Information published.</p> Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-46420 Missing Release of Memory after Effective Lifetime 20113-17086 19446-17084 19401-16823 19402-17084 20113-17086 19446-17084 19401-16823 19402-17084 Moderate 20113-17086 Moderate 19446-17084 Moderate 19401-16823 Moderate 19402-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20113-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19446-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19401-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19402-17084 CBL-Mariner Releases 20113-17086 19401-16823 No Security Update 3.0.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20113-17086 19401-16823 CBL-Mariner Releases CBL-Mariner Releases 19446-17084 19402-17084 No Security Update 3.4.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19446-17084 19402-17084 CBL-Mariner Releases 1.0 2025-05-06T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:23:14 <p>Information published.</p> cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26819 Expected Behavior Violation 19531-17084 20342-17084 20442-17084 20564-17084 20730-17084 19531-17084 20342-17084 20442-17084 20564-17084 20730-17084 Low 19531-17084 Low 20342-17084 Low 20442-17084 Low 20564-17084 Low 20730-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 19531-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20342-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20442-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20564-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20730-17084 CBL-Mariner Releases 20342-17084 No Security Update 1.7.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20342-17084 CBL-Mariner Releases 2.0 2025-12-07T01:44:25 <p>Information published.</p> 2.1 2026-02-21T03:31:58 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-53034 19734-17084 19734-17084 Moderate 19734-17084 6.0 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H 19734-17084 CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:16:21 <p>Information published.</p> Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-21580 Incorrect Permission Assignment for Critical Resource 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 Moderate 17153-17086 19852-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:35:56 <p>Information published.</p> Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30696 Improper Access Control 19547-16823 19591-17084 19852-17086 17539-17084 17153-17086 19547-16823 19591-17084 19852-17086 17539-17084 17153-17086 Moderate 19547-16823 Moderate 19591-17084 19852-17086 Moderate 17539-17084 Moderate 17153-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 19852-17086 17539-17084 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 19852-17086 17539-17084 17153-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:38:14 <p>Information published.</p> Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30704 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 19852-17086 Moderate 17153-17086 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 4.4 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:39:34 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-21574 Uncontrolled Resource Consumption 19547-16823 19591-17084 19852-17086 17153-17086 17539-17084 19547-16823 19591-17084 19852-17086 17153-17086 17539-17084 Moderate 19547-16823 Moderate 19591-17084 19852-17086 Moderate 17153-17086 Moderate 17539-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19547-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19591-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19852-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17153-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17539-17084 CBL-Mariner Releases 19547-16823 19591-17084 19852-17086 17153-17086 17539-17084 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 19852-17086 17153-17086 17539-17084 CBL-Mariner Releases 2.0 2026-02-21T03:39:17 <p>Information published.</p> 1.0 2025-06-23T00:00:00 <p>Information published.</p> hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21931 19529-17084 19734-17084 17087-17086 19529-17084 19734-17084 17087-17086 Moderate 19529-17084 Moderate 19734-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:02:23 <p>Information published.</p> ksmbd: fix use-after-free in ksmbd_free_work_struct <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21967 17465-17084 18490-17086 19682-17086 17465-17084 18490-17086 19682-17086 Important 17465-17084 Important 18490-17086 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17465-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 CBL-Mariner Releases 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:33:50 <p>Information published.</p> memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove https://nvd.nist.gov/vuln/detail/CVE-2025-22020 https://nvd.nist.gov/vuln/detail/CVE-2025-22020 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22020 12356 12357 19734-17084 12356 12357 19734-17084 12356 12357 Important 19734-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12356 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12357 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19734-17084 kernel 12356 kernel-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-1 https://nvd.nist.gov/vuln/detail/CVE-2025-22020 12356 kernel kernel 12357 kernel-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-1 https://nvd.nist.gov/vuln/detail/CVE-2025-22020 12357 kernel CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:36:08 <p>Information published.</p> nfsd: put dl_stid if fail to queue dl_recall <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22025 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:28:24 <p>Information published.</p> arm64: Don't call NULL in do_compat_alignment_fixup() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22033 NULL Pointer Dereference 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-21T04:12:32 <p>Information published.</p> ksmbd: validate zero num_subauth before sub_auth is accessed <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22038 18490-17086 19682-17086 19734-17084 18490-17086 19682-17086 19734-17084 Important 18490-17086 19682-17086 Important 19734-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 18490-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19682-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19734-17084 CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 2.0 2026-02-21T04:09:56 <p>Information published.</p> acpi: nfit: fix narrowing conversion in acpi_nfit_ctl <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22044 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.1 2026-02-18T14:18:11 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> ksmbd: add bounds check for durable handle context <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22043 19529-17084 19734-17084 17087-17086 19529-17084 19734-17084 17087-17086 Moderate 19529-17084 Moderate 19734-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 2.0 2025-11-18T01:37:47 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> 3.0 2025-11-25T01:36:14 <p>Information published.</p> 3.1 2026-02-18T02:57:45 <p>Information published.</p> arcnet: Add NULL check in com20020pci_probe() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22054 NULL Pointer Dereference 19705-17086 17099-17086 19734-17084 19705-17086 17099-17086 19734-17084 19705-17086 Moderate 17099-17086 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 CBL-Mariner Releases CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> 3.0 2026-02-21T04:11:03 <p>Information published.</p> udp: Fix memory accounting leak. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22058 19529-17084 19734-17084 17087-17086 19529-17084 19734-17084 17087-17086 Important 19529-17084 Important 19734-17084 Moderate 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19734-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.1 2026-02-18T01:59:09 <p>Information published.</p> 2.0 2026-02-24T14:35:33 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> netfilter: nf_tables: don't unregister hook when table is dormant <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22064 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.1 2026-02-18T02:50:16 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> spufs: fix gang directory lifetimes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22072 19529-17084 19734-17084 17087-17086 19529-17084 19734-17084 17087-17086 Moderate 19529-17084 Moderate 19734-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.1 2026-02-18T02:33:38 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> rtnetlink: Allocate vfinfo size for VF GUIDs when supported <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22075 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:09:44 <p>Information published.</p> fs/ntfs3: Fix a couple integer overflows on 32bit systems https://nvd.nist.gov/vuln/detail/CVE-2025-22081 https://nvd.nist.gov/vuln/detail/CVE-2025-22081 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22081 12357 12356 19734-17084 12357 12356 19734-17084 12357 12356 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12357 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12356 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 kernel 12357 kernel-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-1 https://nvd.nist.gov/vuln/detail/CVE-2025-22081 12357 kernel kernel 12356 kernel-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-1 https://nvd.nist.gov/vuln/detail/CVE-2025-22081 12356 kernel CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.1 2026-02-21T02:39:33 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22086 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:02:50 <p>Information published.</p> md: fix mddev uaf while iterating all_mddevs list <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22126 19529-17084 19734-17084 19529-17084 19734-17084 Important 19529-17084 Important 19734-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.1 2026-02-18T02:40:04 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30682 Incorrect Permission Assignment for Critical Resource 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 Moderate 17153-17086 19852-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19547-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19591-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17539-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17153-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19852-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-21T03:40:51 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30685 Incorrect Permission Assignment for Critical Resource 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 19852-17086 Moderate 17153-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 2.0 2026-02-19T01:37:14 <p>Information published.</p> 1.0 2025-06-23T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30687 Incorrect Permission Assignment for Critical Resource 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 19852-17086 Moderate 17153-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19547-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19591-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17539-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19852-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 2.0 2026-02-19T01:35:41 <p>Information published.</p> 1.0 2025-06-23T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30688 Incorrect Permission Assignment for Critical Resource 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 19852-17086 Moderate 17153-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19547-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19591-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17539-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19852-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:38:30 <p>Information published.</p> Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-32387 Stack-based Buffer Overflow 19594-17084 19963-17086 19333-17084 20252-17086 20949-17086 20381-17086 20781-17086 19594-17084 19963-17086 19333-17084 20252-17086 20949-17086 20381-17086 20781-17086 Moderate 19594-17084 Moderate 19963-17086 Moderate 19333-17084 20252-17086 Moderate 20949-17086 Moderate 20381-17086 Moderate 20781-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19594-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19963-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19333-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20252-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20949-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20381-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20781-17086 CBL-Mariner Releases 19594-17084 No Security Update 1.12.15-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19594-17084 CBL-Mariner Releases CBL-Mariner Releases 19963-17086 No Security Update 3.14.2-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19963-17086 CBL-Mariner Releases CBL-Mariner Releases 19333-17084 No Security Update 3.15.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19333-17084 CBL-Mariner Releases 3.0 2026-01-03T01:36:46 <p>Information published.</p> 3.1 2026-02-18T02:00:22 <p>Information published.</p> 4.0 2026-03-03T15:00:51 <p>Information published.</p> 1.0 2025-05-27T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added helm to CBL-Mariner 2.0 Added cert-manager to Azure Linux 3.0 Added helm to Azure Linux 3.0</p> Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32907 Excessive Platform Resource Consumption within a Loop 19551-16823 19596-17084 20186-17086 19551-16823 19596-17084 20186-17086 Important 19551-16823 Important 19596-17084 Important 20186-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19551-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19596-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20186-17086 CBL-Mariner Releases 19551-16823 20186-17086 No Security Update 3.0.4-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19551-16823 20186-17086 CBL-Mariner Releases CBL-Mariner Releases 19596-17084 No Security Update 3.4.4-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19596-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:58:16 <p>Information published.</p> net_sched: skbprio: Remove overly strict queue assertions <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38637 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:43:22 <p>Information published.</p> ksmbd: use aead_request_free to match aead_request_alloc <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38575 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.1 2026-02-18T02:15:31 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> f2fs: fix potential deadloop in prepare_compress_overwrite() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22127 20553-17084 19683-17084 20412-17084 17087-17086 20553-17084 19683-17084 20412-17084 17087-17086 Moderate 20553-17084 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-03T21:50:44 <p>Information published.</p> net: fix NULL pointer dereference in l3mdev_l3_rcv <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22103 NULL Pointer Dereference 19683-17084 20613-17084 20925-17086 21093-17086 20412-17084 20553-17084 17087-17086 19683-17084 20613-17084 20925-17086 21093-17086 20412-17084 20553-17084 17087-17086 19683-17084 Moderate 20613-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 20412-17084 Moderate 20553-17084 Moderate 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 2.0 2025-12-02T14:35:09 <p>Information published.</p> 3.0 2026-03-03T14:51:44 <p>Information published.</p> 4.0 2026-03-31T15:05:41 <p>Information published.</p> 1.0 2025-09-03T21:51:51 <p>Information published.</p> md/raid1,raid10: don't ignore IO flags <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22125 19683-17084 20412-17084 17087-17086 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 20553-17084 20860-17084 21248-17084 19683-17084 20412-17084 17087-17086 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 20553-17084 20860-17084 21248-17084 19683-17084 Moderate 20412-17084 Moderate 17087-17086 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 20553-17084 Moderate 20860-17084 Moderate 21248-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 19683-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20613-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20725-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20788-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20956-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20553-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20860-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 21248-17084 1.0 2025-09-03T21:54:28 <p>Information published.</p> 2.0 2025-12-07T01:45:58 <p>Information published.</p> 3.0 2026-01-08T14:45:11 <p>Information published.</p> 5.0 2026-02-19T01:43:24 <p>Information published.</p> 6.0 2026-03-03T14:51:26 <p>Information published.</p> 7.0 2026-03-04T14:40:09 <p>Information published.</p> 8.0 2026-03-31T14:55:48 <p>Information published.</p> 9.0 2026-04-29T14:47:13 <p>Information published.</p> 10.0 2026-05-02T14:37:29 <p>Information published.</p> 4.0 2026-01-20T14:40:35 <p>Information published.</p> fbdev: hyperv_fb: Allow graceful removal of framebuffer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21976 17087-17086 20613-17084 20725-17084 20823-17084 20925-17086 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 20412-17084 20553-17084 20788-17084 20860-17084 20956-17084 21308-17084 21344-17084 17087-17086 20613-17084 20725-17084 20823-17084 20925-17086 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 20412-17084 20553-17084 20788-17084 20860-17084 20956-17084 21308-17084 21344-17084 Moderate 17087-17086 Low 20613-17084 Low 20725-17084 Low 20823-17084 Moderate 20925-17086 Low 21094-17084 Moderate 21093-17086 Low 21248-17084 Low 21332-17084 19683-17084 Moderate 20412-17084 Low 20553-17084 Low 20788-17084 Low 20860-17084 Low 20956-17084 Low 21308-17084 Low 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20613-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20725-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 21248-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20553-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20788-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20860-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20956-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 21308-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 21344-17084 2.0 2025-12-07T01:40:20 <p>Information published.</p> 4.0 2026-01-20T14:50:09 <p>Information published.</p> 5.0 2026-02-19T01:51:15 <p>Information published.</p> 6.0 2026-03-03T14:48:00 <p>Information published.</p> 8.0 2026-03-31T15:18:02 <p>Information published.</p> 11.0 2026-05-11T01:47:49 <p>Information published.</p> 1.0 2025-09-03T21:54:27 <p>Information published.</p> 3.0 2026-01-08T14:37:21 <p>Information published.</p> 7.0 2026-03-04T14:44:54 <p>Information published.</p> 9.0 2026-04-29T14:55:47 <p>Information published.</p> 10.0 2026-05-06T14:49:26 <p>Information published.</p> 12.0 2026-05-17T14:48:50 <p>Information published.</p> net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22107 20613-17084 20725-17084 20788-17084 20925-17086 21093-17086 19683-17084 20412-17084 20553-17084 17087-17086 20823-17084 20860-17084 20613-17084 20725-17084 20788-17084 20925-17086 21093-17086 19683-17084 20412-17084 20553-17084 17087-17086 20823-17084 20860-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Important 20925-17086 Important 21093-17086 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Important 17087-17086 Moderate 20823-17084 Moderate 20860-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20925-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 1.0 2025-09-03T21:56:06 <p>Information published.</p> 2.0 2025-12-07T01:46:07 <p>Information published.</p> 6.0 2026-03-03T14:49:58 <p>Information published.</p> 7.0 2026-03-31T15:03:38 <p>Information published.</p> 3.0 2026-01-08T14:45:21 <p>Information published.</p> 4.0 2026-01-20T14:40:45 <p>Information published.</p> 5.0 2026-02-19T01:43:36 <p>Information published.</p> jfs: add check read-only before txBeginAnon() call <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-58095 19529-17084 17087-17086 19529-17084 17087-17086 Moderate 19529-17084 Moderate 17087-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-03T22:00:27 <p>Information published.</p> 1.1 2026-02-19T01:51:38 <p>Information published.</p> ibmvnic: Use kernel helpers for hex dumps <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22104 17087-17086 19529-17084 17087-17086 19529-17084 Important 17087-17086 Important 19529-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19529-17084 1.0 2025-09-03T22:08:41 <p>Information published.</p> 1.1 2026-02-18T01:06:27 <p>Information published.</p> ext4: avoid journaling sb update on error if journal is destroying <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22113 19683-17084 17087-17086 20613-17084 20725-17084 20823-17084 20956-17084 21094-17084 21093-17086 21248-17084 20412-17084 20553-17084 20788-17084 20860-17084 20925-17086 21308-17084 21332-17084 21344-17084 19683-17084 17087-17086 20613-17084 20725-17084 20823-17084 20956-17084 21094-17084 21093-17086 21248-17084 20412-17084 20553-17084 20788-17084 20860-17084 20925-17086 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 17087-17086 Important 20613-17084 Important 20725-17084 Important 20823-17084 Important 20956-17084 Important 21094-17084 Moderate 21093-17086 Important 21248-17084 Important 20412-17084 Important 20553-17084 Important 20788-17084 Important 20860-17084 Moderate 20925-17086 Important 21308-17084 Important 21332-17084 Important 21344-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20823-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20956-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21248-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21308-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21332-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21344-17084 2.0 2025-12-07T01:46:57 <p>Information published.</p> 4.0 2026-01-20T14:41:26 <p>Information published.</p> 6.0 2026-03-03T14:50:51 <p>Information published.</p> 7.0 2026-03-04T14:40:37 <p>Information published.</p> 9.0 2026-04-29T14:47:51 <p>Information published.</p> 1.0 2025-09-03T22:14:36 <p>Information published.</p> 3.0 2026-01-08T14:45:58 <p>Information published.</p> 5.0 2026-02-19T01:44:21 <p>Information published.</p> 8.0 2026-03-31T14:58:10 <p>Information published.</p> 10.0 2026-05-06T14:42:31 <p>Information published.</p> 11.0 2026-05-11T01:41:25 <p>Information published.</p> 12.0 2026-05-17T14:42:38 <p>Information published.</p> bnxt_en: Mask the bd_cnt field in the TX BD properly <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22108 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 21094-17084 21248-17084 20956-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 21094-17084 21248-17084 20956-17084 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 20956-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T22:26:32 <p>Information published.</p> 2.0 2025-12-07T01:47:32 <p>Information published.</p> 5.0 2026-02-19T01:44:57 <p>Information published.</p> 6.0 2026-03-04T14:41:05 <p>Information published.</p> 8.0 2026-04-29T14:48:29 <p>Information published.</p> 3.0 2026-01-08T14:46:30 <p>Information published.</p> 4.0 2026-01-20T14:42:08 <p>Information published.</p> 7.0 2026-03-31T14:59:44 <p>Information published.</p> 9.0 2026-05-06T14:42:57 <p>Information published.</p> 10.0 2026-05-11T01:41:52 <p>Information published.</p> 11.0 2026-05-17T14:43:05 <p>Information published.</p> Reference counting in php_request_shutdown causes Use-After-Free <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner php Yes CVE-2024-11235 Use After Free 20169-17086 19238-17086 20169-17086 19238-17086 20169-17086 Critical 19238-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 20169-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19238-17086 2.0 2026-02-18T02:05:19 <p>Information published.</p> 1.0 2025-09-03T22:31:40 <p>Information published.</p> An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner elastic Yes CVE-2024-52981 Uncontrolled Resource Consumption 20182-17086 20188-17084 20182-17086 20188-17084 Moderate 20182-17086 Moderate 20188-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20182-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20188-17084 1.0 2025-09-03T22:38:10 <p>Information published.</p> 1.1 2026-02-21T02:28:28 <p>Information published.</p> Elasticsearch Uncontrolled Resource Consumption vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner elastic Yes CVE-2024-52980 Uncontrolled Resource Consumption 20182-17086 20188-17084 20182-17086 20188-17084 Moderate 20182-17086 Moderate 20188-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20182-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20188-17084 1.1 2026-02-21T02:29:39 <p>Information published.</p> 1.0 2025-09-03T22:42:44 <p>Information published.</p> wifi: ath11k: fix RCU stall while reaping monitor destination ring <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-58097 Loop with Unreachable Exit Condition (&#39;Infinite Loop&#39;) 19682-17086 19529-17084 18490-17086 19682-17086 19529-17084 18490-17086 19682-17086 Moderate 19529-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 1.0 2025-09-03T22:44:27 <p>Information published.</p> 2.0 2026-02-21T02:32:19 <p>Information published.</p> sctp: add mutual exclusion in proc_sctp_do_udp_port() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22062 NULL Pointer Dereference 19682-17086 19529-17084 18490-17086 19682-17086 19529-17084 18490-17086 19682-17086 Moderate 19529-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 19682-17086 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 19529-17084 CBL-Mariner Releases 2.0 2026-02-21T02:33:35 <p>Information published.</p> 1.0 2025-09-03T22:47:49 <p>Information published.</p> vmxnet3: unregister xdp rxq info in the reset path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22106 19683-17084 20412-17084 20553-17084 19683-17084 20412-17084 20553-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20553-17084 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases 1.0 2025-09-03T22:50:44 <p>Information published.</p> fs/9p: fix NULL pointer dereference on mkdir <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22070 NULL Pointer Dereference 19683-17084 20613-17084 20725-17084 21094-17084 21248-17084 21332-17084 20412-17084 20553-17084 20788-17084 20823-17084 20860-17084 20956-17084 21308-17084 21344-17084 19683-17084 20613-17084 20725-17084 21094-17084 21248-17084 21332-17084 20412-17084 20553-17084 20788-17084 20823-17084 20860-17084 20956-17084 21308-17084 21344-17084 19683-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21332-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T23:03:02 <p>Information published.</p> 2.0 2025-12-07T01:45:17 <p>Information published.</p> 3.0 2026-01-08T14:44:39 <p>Information published.</p> 4.0 2026-01-20T14:39:59 <p>Information published.</p> 6.0 2026-03-04T14:39:44 <p>Information published.</p> 7.0 2026-03-31T14:52:30 <p>Information published.</p> 10.0 2026-05-11T01:40:42 <p>Information published.</p> 5.0 2026-02-21T02:38:49 <p>Information published.</p> 8.0 2026-04-29T14:46:11 <p>Information published.</p> 9.0 2026-05-06T14:41:41 <p>Information published.</p> 11.0 2026-05-17T14:41:48 <p>Information published.</p> Libsoup: denial of service attack to websocket server <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32049 Allocation of Resources Without Limits or Throttling 20186-17086 20190-17084 20625-17084 20379-17086 20601-17086 20801-17084 20186-17086 20190-17084 20625-17084 20379-17086 20601-17086 20801-17084 20186-17086 Important 20190-17084 Important 20625-17084 Important 20379-17086 Important 20601-17086 Important 20801-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20186-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20190-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20625-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20379-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20601-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20801-17084 CBL-Mariner Releases 20601-17086 No Security Update 3.0.4-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20601-17086 CBL-Mariner Releases CBL-Mariner Releases 20801-17084 No Security Update 3.4.4-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20801-17084 CBL-Mariner Releases 1.0 2025-09-03T23:07:03 <p>Information published.</p> 2.0 2026-01-08T14:42:57 <p>Information published.</p> 3.0 2026-02-18T15:14:17 <p>Information published.</p> eth: bnxt: fix truesize for mb-xdp-pass case <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21961 19683-17084 20613-17084 20725-17084 20788-17084 20823-17084 21094-17084 21248-17084 20412-17084 20553-17084 20860-17084 20956-17084 21308-17084 21332-17084 21344-17084 19683-17084 20613-17084 20725-17084 20788-17084 20823-17084 21094-17084 21248-17084 20412-17084 20553-17084 20860-17084 20956-17084 21308-17084 21332-17084 21344-17084 19683-17084 20613-17084 20725-17084 20788-17084 20823-17084 21094-17084 21248-17084 20412-17084 20553-17084 20860-17084 20956-17084 21308-17084 21332-17084 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:44:14 <p>Information published.</p> 4.0 2026-01-20T14:39:39 <p>Information published.</p> 6.0 2026-03-04T14:38:54 <p>Information published.</p> 8.0 2026-04-29T14:45:32 <p>Information published.</p> 10.0 2026-05-11T01:40:25 <p>Information published.</p> 1.0 2025-09-03T23:24:42 <p>Information published.</p> 3.0 2026-01-08T14:43:59 <p>Information published.</p> 5.0 2026-02-21T02:36:58 <p>Information published.</p> 7.0 2026-03-31T14:46:22 <p>Information published.</p> 9.0 2026-05-06T14:41:22 <p>Information published.</p> 11.0 2026-05-17T14:41:27 <p>Information published.</p> An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-29477 Uncontrolled Resource Consumption 19787-17086 20380-17086 20526-17086 20802-17084 21260-17084 19445-17084 20420-17084 20573-17084 20690-17086 20735-17084 19787-17086 20380-17086 20526-17086 20802-17084 21260-17084 19445-17084 20420-17084 20573-17084 20690-17086 20735-17084 19787-17086 20380-17086 Low 20526-17086 Low 20802-17084 Low 21260-17084 19445-17084 20420-17084 Low 20573-17084 Low 20690-17086 Low 20735-17084 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 19787-17086 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 20380-17086 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 20526-17086 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 20802-17084 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 21260-17084 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 19445-17084 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 20420-17084 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 20573-17084 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 20690-17086 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 20735-17084 1.0 2025-09-03T23:34:18 <p>Information published.</p> 2.0 2025-12-06T14:35:42 <p>Information published.</p> 5.0 2026-04-29T14:44:21 <p>Information published.</p> 3.0 2025-12-07T01:42:32 <p>Information published.</p> 4.0 2026-01-08T14:43:08 <p>Information published.</p> net: libwx: fix Tx L4 checksum <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22101 19683-17084 20412-17084 20553-17084 19683-17084 20412-17084 20553-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-09-03T23:37:47 <p>Information published.</p> bonding: check xdp prog when set bond mode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22105 20412-17084 17087-17086 20613-17084 20725-17084 20925-17086 21093-17086 19683-17084 20553-17084 20412-17084 17087-17086 20613-17084 20725-17084 20925-17086 21093-17086 19683-17084 20553-17084 Moderate 20412-17084 Moderate 17087-17086 Moderate 20613-17084 Moderate 20725-17084 Moderate 20925-17086 Moderate 21093-17086 19683-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-09-03T23:45:01 <p>Information published.</p> 2.0 2025-12-07T01:50:47 <p>Information published.</p> 3.0 2026-01-07T14:35:21 <p>Information published.</p> 4.0 2026-03-03T14:49:41 <p>Information published.</p> 5.0 2026-03-31T15:03:13 <p>Information published.</p> In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-29087 Integer Overflow or Wraparound 20125-17086 19212-17084 16911-17086 19759-17086 20270-17084 20125-17086 19212-17084 16911-17086 19759-17086 20270-17084 20125-17086 Low 19212-17084 Low 16911-17086 Critical 19759-17086 Critical 20270-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L 20125-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L 19212-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L 16911-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19759-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20270-17084 1.0 2025-09-04T00:06:55 <p>Information published.</p> 2.0 2026-02-18T02:08:33 <p>Information published.</p> An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2025-3277 Heap-based Buffer Overflow 20270-17084 19759-17086 19212-17084 20125-17086 16911-17086 20270-17084 19759-17086 19212-17084 20125-17086 16911-17086 Moderate 20270-17084 Moderate 19759-17086 Moderate 19212-17084 20125-17086 Moderate 16911-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20270-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19759-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19212-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20125-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 16911-17086 1.0 2025-09-04T00:14:10 <p>Information published.</p> 2.0 2026-02-21T02:45:54 <p>Information published.</p> f2fs: quota: fix to avoid warning in dquot_writeback_dquots() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-23132 19683-17084 20412-17084 20553-17084 17087-17086 19683-17084 20412-17084 20553-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-04T00:07:59 <p>Information published.</p> drm/amd/display: Fix out-of-bound accesses <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21985 Out-of-bounds Read 20412-17084 17087-17086 20613-17084 20725-17084 20823-17084 20956-17084 21094-17084 21248-17084 19683-17084 20553-17084 20788-17084 20860-17084 21308-17084 21332-17084 21344-17084 20412-17084 17087-17086 20613-17084 20725-17084 20823-17084 20956-17084 21094-17084 21248-17084 19683-17084 20553-17084 20788-17084 20860-17084 21308-17084 21332-17084 21344-17084 20412-17084 Important 17087-17086 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 19683-17084 Moderate 20553-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:36:01 <p>Information published.</p> 4.0 2026-01-20T14:46:01 <p>Information published.</p> 6.0 2026-03-05T01:41:14 <p>Information published.</p> 7.0 2026-03-31T15:09:39 <p>Information published.</p> 11.0 2026-05-11T14:43:17 <p>Information published.</p> 1.0 2025-09-04T00:20:38 <p>Information published.</p> 3.0 2026-01-08T14:49:35 <p>Information published.</p> 5.0 2026-02-19T01:47:55 <p>Information published.</p> 8.0 2026-04-29T14:51:38 <p>Information published.</p> 9.0 2026-05-06T14:46:18 <p>Information published.</p> 10.0 2026-05-11T01:44:42 <p>Information published.</p> 12.0 2026-05-17T14:45:49 <p>Information published.</p> f2fs: fix to avoid panic once fallocation fails for pinfile <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-23130 20412-17084 17087-17086 19683-17084 20553-17084 20412-17084 17087-17086 19683-17084 20553-17084 Moderate 20412-17084 Moderate 17087-17086 19683-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-09-04T00:26:15 <p>Information published.</p> btrfs: fix block group refcount race in btrfs_create_pending_block_groups() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22115 20553-17084 20613-17084 20725-17084 20860-17084 21094-17084 21332-17084 19683-17084 20412-17084 20788-17084 20823-17084 20956-17084 21248-17084 21308-17084 21344-17084 20553-17084 20613-17084 20725-17084 20860-17084 21094-17084 21332-17084 19683-17084 20412-17084 20788-17084 20823-17084 20956-17084 21248-17084 21308-17084 21344-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 21332-17084 19683-17084 Moderate 20412-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:37:02 <p>Information published.</p> 3.0 2026-01-08T14:50:25 <p>Information published.</p> 4.0 2026-01-20T14:47:03 <p>Information published.</p> 6.0 2026-03-04T14:43:23 <p>Information published.</p> 10.0 2026-05-11T01:45:36 <p>Information published.</p> 1.0 2025-09-04T00:35:46 <p>Information published.</p> 5.0 2026-02-19T01:48:43 <p>Information published.</p> 7.0 2026-03-31T15:12:32 <p>Information published.</p> 8.0 2026-04-29T14:52:45 <p>Information published.</p> 9.0 2026-05-06T14:47:14 <p>Information published.</p> 11.0 2026-05-17T14:46:41 <p>Information published.</p> net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22111 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 21093-17086 19683-17084 20553-17084 17087-17086 20925-17086 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 21093-17086 19683-17084 20553-17084 17087-17086 20925-17086 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 21093-17086 19683-17084 Moderate 20553-17084 Moderate 17087-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 1.0 2025-09-04T00:44:03 <p>Information published.</p> 2.0 2025-12-07T01:37:24 <p>Information published.</p> 3.0 2026-01-08T14:50:41 <p>Information published.</p> 4.0 2026-01-20T14:47:26 <p>Information published.</p> 7.0 2026-03-31T15:04:02 <p>Information published.</p> 5.0 2026-02-19T01:49:02 <p>Information published.</p> 6.0 2026-03-03T14:50:33 <p>Information published.</p> PCI/ASPM: Fix link state exit during switch upstream function removal <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-58093 19529-17084 17087-17086 19529-17084 17087-17086 Moderate 19529-17084 Important 17087-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 19529-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 CBL-Mariner Releases 1.0 2025-09-04T01:16:43 <p>Information published.</p> 1.1 2026-02-18T01:36:35 <p>Information published.</p> nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21927 Out-of-bounds Write 17087-17086 20725-17084 20823-17084 20956-17084 21094-17084 21093-17086 21248-17084 19683-17084 20412-17084 20553-17084 20613-17084 20788-17084 20860-17084 20925-17086 21308-17084 21332-17084 21344-17084 17087-17086 20725-17084 20823-17084 20956-17084 21094-17084 21093-17086 21248-17084 19683-17084 20412-17084 20553-17084 20613-17084 20788-17084 20860-17084 20925-17086 21308-17084 21332-17084 21344-17084 Important 17087-17086 Important 20725-17084 Important 20823-17084 Important 20956-17084 Important 21094-17084 Important 21093-17086 Important 21248-17084 19683-17084 20412-17084 Important 20553-17084 Important 20613-17084 Important 20788-17084 Important 20860-17084 Important 20925-17086 Important 21308-17084 Important 21332-17084 Important 21344-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20553-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21332-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21344-17084 1.0 2025-09-04T01:20:13 <p>Information published.</p> 2.0 2025-12-07T01:43:11 <p>Information published.</p> 4.0 2026-01-20T14:39:19 <p>Information published.</p> 6.0 2026-03-03T15:00:31 <p>Information published.</p> 8.0 2026-03-31T14:43:57 <p>Information published.</p> 9.0 2026-04-29T14:45:05 <p>Information published.</p> 11.0 2026-05-11T01:40:08 <p>Information published.</p> 3.0 2026-01-08T14:43:39 <p>Information published.</p> 5.0 2026-02-18T02:26:03 <p>Information published.</p> 7.0 2026-03-04T14:38:41 <p>Information published.</p> 10.0 2026-05-06T14:39:50 <p>Information published.</p> 12.0 2026-05-17T14:41:07 <p>Information published.</p> LoongArch: Set hugetlb mmap base address aligned with pmd size <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21949 20412-17084 20613-17084 20725-17084 20788-17084 21094-17084 21248-17084 21308-17084 21332-17084 19683-17084 20553-17084 20823-17084 20860-17084 20956-17084 21344-17084 20412-17084 20613-17084 20725-17084 20788-17084 21094-17084 21248-17084 21308-17084 21332-17084 19683-17084 20553-17084 20823-17084 20860-17084 20956-17084 21344-17084 20412-17084 20613-17084 20725-17084 20788-17084 21094-17084 21248-17084 21308-17084 21332-17084 19683-17084 20553-17084 20823-17084 20860-17084 20956-17084 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:43:21 <p>Information published.</p> 4.0 2026-01-20T14:39:29 <p>Information published.</p> 6.0 2026-03-04T14:38:48 <p>Information published.</p> 7.0 2026-03-31T14:44:23 <p>Information published.</p> 9.0 2026-05-06T14:40:23 <p>Information published.</p> 1.0 2025-09-04T01:35:21 <p>Information published.</p> 3.0 2026-01-08T14:43:49 <p>Information published.</p> 5.0 2026-02-18T02:29:10 <p>Information published.</p> 8.0 2026-04-29T14:45:19 <p>Information published.</p> 10.0 2026-05-11T01:40:16 <p>Information published.</p> 11.0 2026-05-17T14:41:17 <p>Information published.</p> usb: xhci: Apply the link chain quirk on NEC isoc endpoints <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22022 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 21093-17086 19683-17084 17087-17086 20860-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 21093-17086 19683-17084 17087-17086 20860-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Important 20925-17086 Important 21093-17086 19683-17084 Important 17087-17086 Moderate 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 2.0 2025-12-07T01:39:08 <p>Information published.</p> 6.0 2026-03-03T14:43:14 <p>Information published.</p> 7.0 2026-03-31T14:53:49 <p>Information published.</p> 1.0 2025-09-04T01:48:11 <p>Information published.</p> 3.0 2026-01-08T14:36:09 <p>Information published.</p> 4.0 2026-01-20T14:49:10 <p>Information published.</p> 5.0 2026-02-19T01:50:25 <p>Information published.</p> wifi: ath11k: update channel list in reg notifier instead reg worker <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-23133 Out-of-bounds Write 19529-17084 17087-17086 19529-17084 17087-17086 Important 19529-17084 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19529-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 1.1 2026-02-18T01:43:19 <p>Information published.</p> 1.0 2025-09-04T01:56:16 <p>Information published.</p> wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-58096 19683-17084 20412-17084 20553-17084 17087-17086 19683-17084 20412-17084 20553-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 17087-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-04T02:05:00 <p>Information published.</p> Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch` <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-3416 Use After Free 17729-17084 20080-17084 19671-17084 19686-17084 17183-17086 19721-17086 17729-17084 20080-17084 19671-17084 19686-17084 17183-17086 19721-17086 Low 17729-17084 Low 20080-17084 Low 19671-17084 Low 19686-17084 Low 17183-17086 19721-17086 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 17729-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20080-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 19671-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 19686-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 17183-17086 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 19721-17086 1.0 2025-09-04T02:13:49 <p>Information published.</p> 2.0 2026-02-18T02:35:49 <p>Information published.</p> dlm: prevent NPD when writing a positive value to event_done <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-23131 19683-17084 20412-17084 17087-17086 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21094-17084 21093-17086 20553-17084 20956-17084 21248-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 17087-17086 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21094-17084 21093-17086 20553-17084 20956-17084 21248-17084 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 17087-17086 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21094-17084 Moderate 21093-17086 Moderate 20553-17084 Moderate 20956-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-04T02:15:43 <p>Information published.</p> 2.0 2025-12-07T01:39:39 <p>Information published.</p> 3.0 2026-01-08T14:36:38 <p>Information published.</p> 6.0 2026-03-03T14:52:01 <p>Information published.</p> 7.0 2026-03-04T14:44:26 <p>Information published.</p> 8.0 2026-03-31T15:17:03 <p>Information published.</p> 9.0 2026-04-29T14:54:57 <p>Information published.</p> 4.0 2026-01-20T14:49:35 <p>Information published.</p> 5.0 2026-02-19T01:50:50 <p>Information published.</p> 10.0 2026-05-06T14:48:52 <p>Information published.</p> 11.0 2026-05-11T01:47:14 <p>Information published.</p> 12.0 2026-05-17T14:48:14 <p>Information published.</p> Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-3576 Use of Weak Hash 20083-17086 20384-17086 17812-17084 20083-17086 20384-17086 17812-17084 20083-17086 Moderate 20384-17086 Moderate 17812-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 20083-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 20384-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 17812-17084 CBL-Mariner Releases 20083-17086 20384-17086 No Security Update 1.19.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20083-17086 20384-17086 CBL-Mariner Releases CBL-Mariner Releases 17812-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17812-17084 CBL-Mariner Releases 1.0 2025-09-04T03:44:11 <p>Information published.</p> 1.1 2026-02-21T03:35:11 <p>Information published.</p> ksmbd: fix null pointer dereference in alloc_preauth_hash() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22037 NULL Pointer Dereference 19682-17086 19529-17084 18490-17086 19682-17086 19529-17084 18490-17086 19682-17086 Moderate 19529-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 1.0 2025-09-04T06:28:32 <p>Information published.</p> 2.0 2026-02-21T04:15:32 <p>Information published.</p> objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40014 Improper Validation of Array Index 19529-17084 19529-17084 Important 19529-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19529-17084 1.0 2025-09-04T06:32:32 <p>Information published.</p> 1.1 2026-02-21T04:16:05 <p>Information published.</p> ksmbd: fix bug on trap in smb2_lock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21944 Improper Locking 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-11-01T01:02:04 <p>Information published.</p> ksmbd: fix out-of-bounds in parse_sec_desc() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21946 Out-of-bounds Read 17087-17086 17087-17086 Important 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 1.0 2025-11-01T01:02:10 <p>Information published.</p> mm: memory-failure: update ttu flag inside unmap_poisoned_folio <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21907 20613-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 20553-17084 20725-17084 20788-17084 21308-17084 21332-17084 21344-17084 20613-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 20553-17084 20725-17084 20788-17084 21308-17084 21332-17084 21344-17084 Moderate 20613-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 20553-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20613-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20823-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20860-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20956-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21094-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21248-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20553-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20788-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21308-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21332-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21344-17084 1.0 2025-11-02T02:01:25 <p>Information published.</p> 2.0 2025-12-07T01:45:35 <p>Information published.</p> 3.0 2026-01-08T14:35:51 <p>Information published.</p> 4.0 2026-01-20T14:47:03 <p>Information published.</p> 6.0 2026-03-04T14:42:09 <p>Information published.</p> 7.0 2026-03-31T15:00:43 <p>Information published.</p> 5.0 2026-02-18T02:46:51 <p>Information published.</p> 8.0 2026-04-29T14:48:18 <p>Information published.</p> 9.0 2026-05-06T14:42:40 <p>Information published.</p> 10.0 2026-05-11T01:41:32 <p>Information published.</p> 11.0 2026-05-17T14:42:36 <p>Information published.</p> tracing: Fix bad hist from corrupting named_triggers list <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21899 NULL Pointer Dereference 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-11-02T02:01:41 <p>Information published.</p> 2.0 2026-03-03T14:48:36 <p>Information published.</p> 3.0 2026-03-31T15:01:32 <p>Information published.</p> md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22124 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21332-17084 20553-17084 20788-17084 21308-17084 21344-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21332-17084 20553-17084 20788-17084 21308-17084 21344-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21332-17084 Moderate 20553-17084 Moderate 20788-17084 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-11-05T01:01:50 <p>Information published.</p> 2.0 2025-12-07T01:45:45 <p>Information published.</p> 3.0 2026-01-08T14:36:32 <p>Information published.</p> 6.0 2026-03-04T14:42:17 <p>Information published.</p> 7.0 2026-03-31T15:04:51 <p>Information published.</p> 8.0 2026-04-29T14:48:32 <p>Information published.</p> 10.0 2026-05-11T01:41:40 <p>Information published.</p> 4.0 2026-01-20T14:47:40 <p>Information published.</p> 5.0 2026-02-18T02:51:55 <p>Information published.</p> 9.0 2026-05-06T14:42:50 <p>Information published.</p> 11.0 2026-05-17T14:42:45 <p>Information published.</p> wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path Mariner Linux Yes CVE-2025-23129 20553-17084 20553-17084 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-11-06T01:01:28 <p>Information published.</p> RISC-V: KVM: Teardown riscv specific bits after kvm_exit Mariner Linux Yes CVE-2025-23135 20553-17084 20725-17084 20956-17084 21094-17084 21248-17084 21332-17084 20613-17084 20788-17084 20823-17084 20860-17084 21308-17084 21344-17084 20553-17084 20725-17084 20956-17084 21094-17084 21248-17084 21332-17084 20613-17084 20788-17084 20823-17084 20860-17084 21308-17084 21344-17084 Moderate 20553-17084 Moderate 20725-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21332-17084 Moderate 20613-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-11-06T01:01:33 <p>Information published.</p> 2.0 2025-12-07T01:46:25 <p>Information published.</p> 4.0 2026-01-20T14:47:59 <p>Information published.</p> 5.0 2026-02-18T02:54:23 <p>Information published.</p> 7.0 2026-03-31T15:05:18 <p>Information published.</p> 8.0 2026-04-29T14:48:44 <p>Information published.</p> 3.0 2026-01-08T14:36:52 <p>Information published.</p> 6.0 2026-03-04T14:42:25 <p>Information published.</p> 9.0 2026-05-06T14:43:00 <p>Information published.</p> 10.0 2026-05-11T01:41:49 <p>Information published.</p> 11.0 2026-05-17T14:42:54 <p>Information published.</p> ASoC: codecs: wcd938x: fix incorrect used of portid <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2022-48716 Uncontrolled Resource Consumption 17471-17084 19705-17086 17099-17086 17471-17084 19705-17086 17099-17086 Critical 17471-17084 19705-17086 Critical 17099-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17471-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19705-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17099-17086 CBL-Mariner Releases 17471-17084 No Security Update 6.6.82.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17471-17084 CBL-Mariner Releases CBL-Mariner Releases 19705-17086 17099-17086 No Security Update 5.15.179.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 CBL-Mariner Releases 1.0 2025-04-09T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:23:04 <p>Information published.</p> Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-21605 Allocation of Resources Without Limits or Throttling 20345-17086 20527-17086 19284-17084 17493-17084 20345-17086 20527-17086 19284-17084 17493-17084 Important 20345-17086 Important 20527-17086 Important 19284-17084 Important 17493-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20345-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20527-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19284-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17493-17084 CBL-Mariner Releases 19284-17084 17493-17084 No Security Update 8.0.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19284-17084 17493-17084 CBL-Mariner Releases 1.0 2025-04-29T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:42:46 <p>Information published.</p> caif_virtio: fix wrong pointer check in cfv_probe() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21904 NULL Pointer Dereference 17465-17084 17095-16823 19288-17084 19705-17086 17099-17086 17465-17084 17095-16823 19288-17084 19705-17086 17099-17086 17465-17084 Moderate 17095-16823 Moderate 19288-17084 19705-17086 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases CBL-Mariner Releases 17095-16823 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 19705-17086 17099-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:44:14 <p>Information published.</p> gpio: rcar: Use raw_spinlock to protect register access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21912 17465-17084 19705-17086 17095-16823 19288-17084 17099-17086 17465-17084 19705-17086 17095-16823 19288-17084 17099-17086 17465-17084 19705-17086 Moderate 17095-16823 Moderate 19288-17084 17099-17086 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases CBL-Mariner Releases 19705-17086 17095-16823 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17095-16823 17099-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:41:45 <p>Information published.</p> usb: renesas_usbhs: Flush the notify_hotplug_work <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21917 NULL Pointer Dereference 17465-17084 17095-16823 19288-17084 19705-17086 17099-17086 17465-17084 17095-16823 19288-17084 19705-17086 17099-17086 17465-17084 Moderate 17095-16823 Moderate 19288-17084 19705-17086 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases CBL-Mariner Releases 17095-16823 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 19705-17086 17099-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:27:16 <p>Information published.</p> vlan: enforce underlying device type <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21920 Out-of-bounds Read 17465-17084 17099-17086 17095-16823 19288-17084 19705-17086 17465-17084 17099-17086 17095-16823 19288-17084 19705-17086 Important 17465-17084 Important 17099-17086 Important 17095-16823 Important 19288-17084 19705-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17465-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17099-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17095-16823 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19288-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19705-17086 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases CBL-Mariner Releases 17099-17086 17095-16823 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-17086 17095-16823 19705-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:32:29 <p>Information published.</p> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21936 NULL Pointer Dereference 17465-17084 19288-17084 17465-17084 19288-17084 17465-17084 Moderate 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> gpio: aggregator: protect driver attr handlers against module unload <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21943 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 19705-17086 17465-17084 17099-17086 17095-16823 19288-17084 19705-17086 17465-17084 17099-17086 17095-16823 19288-17084 19705-17086 17465-17084 17099-17086 Moderate 17095-16823 Moderate 19288-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 CBL-Mariner Releases 19705-17086 17099-17086 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:51:02 <p>Information published.</p> ksmbd: fix type confusion via race condition when using ipc_msg_send_request <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21947 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 17087-17086 21093-17086 19288-17084 17465-17084 20925-17086 17087-17086 21093-17086 19288-17084 17465-17084 20925-17086 17087-17086 21093-17086 Moderate 19288-17084 17465-17084 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2026-03-31T14:43:20 <p>Information published.</p> 2.0 2026-03-03T15:00:15 <p>Information published.</p> scsi: qla1280: Fix kernel oops when debug level > 2 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21957 NULL Pointer Dereference 17099-17086 17095-16823 19288-17084 17465-17084 19705-17086 17099-17086 17095-16823 19288-17084 17465-17084 19705-17086 17099-17086 Moderate 17095-16823 Moderate 19288-17084 17465-17084 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 CBL-Mariner Releases 17099-17086 17095-16823 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-17086 17095-16823 19705-17086 CBL-Mariner Releases CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:34:08 <p>Information published.</p> netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21959 17465-17084 19705-17086 17099-17086 17095-16823 19288-17084 17465-17084 19705-17086 17099-17086 17095-16823 19288-17084 17465-17084 19705-17086 17099-17086 Moderate 17095-16823 Moderate 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases CBL-Mariner Releases 19705-17086 17099-17086 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 17095-16823 CBL-Mariner Releases 2.0 2026-02-18T03:10:52 <p>Information published.</p> 1.0 2025-05-05T00:00:00 <p>Information published.</p> cifs: Fix integer overflow while processing acregmax mount option <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21964 Integer Overflow or Wraparound 17465-17084 19705-17086 17095-16823 19288-17084 17099-17086 17465-17084 19705-17086 17095-16823 19288-17084 17099-17086 17465-17084 19705-17086 Moderate 17095-16823 Moderate 19288-17084 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases CBL-Mariner Releases 19705-17086 17095-16823 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17095-16823 17099-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:30:04 <p>Information published.</p> ice: fix memory leak in aRFS after reset <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21981 18490-17086 17095-16823 19288-17084 19682-17086 17465-17084 18490-17086 17095-16823 19288-17084 19682-17086 17465-17084 18490-17086 Moderate 17095-16823 Moderate 19288-17084 19682-17086 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 CBL-Mariner Releases 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:55:34 <p>Information published.</p> drm/sched: Fix fence reference count leak <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21995 19288-17084 17465-17084 19288-17084 17465-17084 Moderate 19288-17084 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21996 Use of Uninitialized Resource 19705-17086 17465-17084 17099-17086 17095-16823 19288-17084 19705-17086 17465-17084 17099-17086 17095-16823 19288-17084 19705-17086 17465-17084 17099-17086 Moderate 17095-16823 Moderate 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 CBL-Mariner Releases 19705-17086 17099-17086 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:10:28 <p>Information published.</p> accel/qaic: Fix integer overflow in qaic_validate_req() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22001 17465-17084 19288-17084 17465-17084 19288-17084 17465-17084 Moderate 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> can: ucan: fix out of bound read in strscpy() source <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22003 17465-17084 19288-17084 17465-17084 19288-17084 17465-17084 Moderate 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> Bluetooth: Fix error code in chan_alloc_skb_cb() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22007 NULL Pointer Dereference 17465-17084 18490-17086 17095-16823 19288-17084 19682-17086 17465-17084 18490-17086 17095-16823 19288-17084 19682-17086 17465-17084 18490-17086 Moderate 17095-16823 Moderate 19288-17084 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 CBL-Mariner Releases 17465-17084 19288-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 19288-17084 CBL-Mariner Releases CBL-Mariner Releases 17095-16823 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17095-16823 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:52:43 <p>Information published.</p> regulator: dummy: force synchronous probing <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22009 NULL Pointer Dereference 19288-17084 17465-17084 19288-17084 17465-17084 Moderate 19288-17084 17465-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19288-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17465-17084 CBL-Mariner Releases 19288-17084 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19288-17084 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> tracing: Fix use-after-free in print_graph_function_flags during tracer switching <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22035 Use After Free 17099-17086 17095-16823 19734-17084 19705-17086 17099-17086 17095-16823 19734-17084 19705-17086 Important 17099-17086 Important 17095-16823 Important 19734-17084 19705-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17099-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19734-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19705-17086 CBL-Mariner Releases 17099-17086 17095-16823 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-17086 17095-16823 19705-17086 CBL-Mariner Releases CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> 3.0 2026-02-21T03:45:45 <p>Information published.</p> PgBouncer default auth_query does not take Postgres password expiry into account <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PostgreSQL Yes CVE-2025-2291 Use of a Key Past its Expiration Date 20298-17086 18855-17086 19349-16823 19350-17084 20295-17084 20298-17086 18855-17086 19349-16823 19350-17084 20295-17084 20298-17086 Important 18855-17086 Important 19349-16823 Important 19350-17084 Important 20295-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 20298-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 18855-17086 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19349-16823 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19350-17084 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 20295-17084 CBL-Mariner Releases 20298-17086 18855-17086 19349-16823 19350-17084 20295-17084 No Security Update 1.24.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20298-17086 18855-17086 19349-16823 19350-17084 20295-17084 CBL-Mariner Releases 3.0 2026-02-21T02:59:31 <p>Information published.</p> 1.0 2025-04-23T00:00:00 <p>Information published.</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-29481 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 20211-17086 19404-17084 19405-17084 19406-17084 19998-17084 20211-17086 19404-17084 19405-17084 19406-17084 19998-17084 Moderate 20211-17086 Moderate 19404-17084 Moderate 19405-17084 Moderate 19406-17084 Moderate 19998-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20211-17086 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19404-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19405-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19406-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19998-17084 CBL-Mariner Releases 20211-17086 No Security Update 1.0.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20211-17086 CBL-Mariner Releases CBL-Mariner Releases 19404-17084 No Security Update 0.29.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19404-17084 CBL-Mariner Releases CBL-Mariner Releases 19405-17084 No Security Update 1.25-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19405-17084 CBL-Mariner Releases CBL-Mariner Releases 19406-17084 No Security Update 1.2.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19406-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2025-05-06T00:00:00 <p>Information published.</p> 7.0 2025-05-11T00:00:00 <p>Information published.</p> 8.0 2025-05-12T00:00:00 <p>Information published.</p> 1.0 2025-05-14T00:00:00 <p>Information published.</p> 1.2 2025-05-16T00:00:00 <p>Added dwarves to Azure Linux 3.0 Added libbpf to Azure Linux 3.0 Added libbpf to CBL-Mariner 2.0</p> 1.3 2025-05-17T00:00:00 <p>Added dwarves to Azure Linux 3.0 Added libbpf to Azure Linux 3.0 Added libbpf to CBL-Mariner 2.0</p> 1.6 2025-05-20T00:00:00 <p>Added dwarves to Azure Linux 3.0 Added libbpf to Azure Linux 3.0 Added libbpf to CBL-Mariner 2.0</p> 1.7 2025-05-21T00:00:00 <p>Added dwarves to Azure Linux 3.0 Added libbpf to Azure Linux 3.0 Added libbpf to CBL-Mariner 2.0</p> 2.0 2025-05-24T00:00:00 <p>Added dwarves to Azure Linux 3.0 Added libbpf to Azure Linux 3.0 Added libbpf to CBL-Mariner 2.0</p> 2.2 2025-05-26T00:00:00 <p>Added dwarves to Azure Linux 3.0 Added libbpf to Azure Linux 3.0 Added libbpf to CBL-Mariner 2.0</p> 9.1 2026-02-21T02:33:32 <p>Information published.</p> 3.0 2025-05-07T00:00:00 <p>Information published.</p> 4.0 2025-05-08T00:00:00 <p>Information published.</p> 5.0 2025-05-09T00:00:00 <p>Information published.</p> 6.0 2025-05-10T00:00:00 <p>Information published.</p> 9.0 2025-05-13T00:00:00 <p>Information published.</p> 1.1 2025-05-15T00:00:00 <p>Added dwarves to Azure Linux 3.0 Added libbpf to Azure Linux 3.0 Added libbpf to CBL-Mariner 2.0</p> 1.4 2025-05-18T00:00:00 <p>Added dwarves to Azure Linux 3.0 Added libbpf to Azure Linux 3.0 Added libbpf to CBL-Mariner 2.0</p> 1.5 2025-05-19T00:00:00 <p>Added dwarves to Azure Linux 3.0 Added libbpf to Azure Linux 3.0 Added libbpf to CBL-Mariner 2.0</p> 1.8 2025-05-22T00:00:00 <p>Added dwarves to Azure Linux 3.0 Added libbpf to Azure Linux 3.0 Added libbpf to CBL-Mariner 2.0</p> 1.9 2025-05-23T00:00:00 <p>Added dwarves to Azure Linux 3.0 Added libbpf to Azure Linux 3.0 Added libbpf to CBL-Mariner 2.0</p> 2.1 2025-05-25T00:00:00 <p>Added dwarves to Azure Linux 3.0 Added libbpf to Azure Linux 3.0 Added libbpf to CBL-Mariner 2.0</p> 2.3 2025-05-27T00:00:00 <p>Added dwarves to Azure Linux 3.0 Added libbpf to Azure Linux 3.0 Added libbpf to CBL-Mariner 2.0</p> c-ares has a use-after-free in read_answers() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-31498 Use After Free 19445-17084 19445-17084 Important 19445-17084 CBL-Mariner Releases 19445-17084 No Security Update 3.1.9-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19445-17084 CBL-Mariner Releases 1.0 2025-04-16T00:00:00 <p>Information published.</p> Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32053 Buffer Over-read 20186-17086 19446-17084 20186-17086 19446-17084 Moderate 20186-17086 Moderate 19446-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 20186-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 19446-17084 CBL-Mariner Releases 20186-17086 No Security Update 3.0.4-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20186-17086 CBL-Mariner Releases CBL-Mariner Releases 19446-17084 No Security Update 3.4.4-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19446-17084 CBL-Mariner Releases 1.0 2025-05-27T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added libsoup to CBL-Mariner 2.0 Added libsoup to Azure Linux 3.0</p> 2.1 2026-02-18T02:13:46 <p>Information published.</p> In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-32415 Improper Validation of Specified Quantity in Input 19447-17084 20228-17086 19447-17084 20228-17086 Low 19447-17084 Low 20228-17086 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 19447-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20228-17086 CBL-Mariner Releases 19447-17084 No Security Update 2.11.5-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19447-17084 CBL-Mariner Releases CBL-Mariner Releases 20228-17086 No Security Update 2.10.4-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20228-17086 CBL-Mariner Releases 1.0 2025-05-27T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added libxml2 to CBL-Mariner 2.0 Added libxml2 to Azure Linux 3.0</p> 2.1 2026-02-21T03:30:13 <p>Information published.</p> Erlang/OTP SSH Vulnerable to Pre-Authentication RCE <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-32433 Missing Authentication for Critical Function 19374-17084 19448-16823 19449-17084 20067-17086 19374-17084 19448-16823 19449-17084 20067-17086 Critical 19374-17084 Critical 19448-16823 Critical 19449-17084 Critical 20067-17086 10.0 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 19374-17084 10.0 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 19448-16823 10.0 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 19449-17084 10.0 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 20067-17086 CBL-Mariner Releases 19374-17084 19449-17084 No Security Update 26.2.5.11-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19374-17084 19449-17084 CBL-Mariner Releases CBL-Mariner Releases 19448-16823 20067-17086 No Security Update 25.3.2.20-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19448-16823 20067-17086 CBL-Mariner Releases 1.0 2025-04-22T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:00:39 <p>Information published.</p> In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-32728 Expected Behavior Violation 20199-17086 19453-17084 20199-17086 19453-17084 Moderate 20199-17086 Moderate 19453-17084 4.3 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 20199-17086 4.3 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 19453-17084 CBL-Mariner Releases 20199-17086 No Security Update 8.9p1-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20199-17086 CBL-Mariner Releases CBL-Mariner Releases 19453-17084 No Security Update 9.8p1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19453-17084 CBL-Mariner Releases 1.0 2025-04-22T00:00:00 <p>Information published.</p> 2.0 2025-04-26T00:00:00 <p>Information published.</p> 3.0 2025-05-23T00:00:00 <p>Information published.</p> 3.1 2026-02-18T02:04:48 <p>Information published.</p> Libsoup: null pointer dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32909 NULL Pointer Dereference 19446-17084 19455-17084 20186-17086 19446-17084 19455-17084 20186-17086 Moderate 19446-17084 Moderate 19455-17084 Moderate 20186-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19446-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19455-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20186-17086 CBL-Mariner Releases 19446-17084 19455-17084 No Security Update 3.4.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19446-17084 19455-17084 CBL-Mariner Releases CBL-Mariner Releases 20186-17086 No Security Update 3.0.4-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20186-17086 CBL-Mariner Releases 1.0 2025-04-23T00:00:00 <p>Information published.</p> 2.1 2026-02-21T02:54:22 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added libsoup to CBL-Mariner 2.0 Added libsoup to Azure Linux 3.0</p> Libsoup: null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an unauthorized response with digest authentication <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32910 NULL Pointer Dereference 20186-17086 19455-17084 19446-17084 20186-17086 19455-17084 19446-17084 Moderate 20186-17086 Moderate 19455-17084 Moderate 19446-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20186-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19455-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19446-17084 CBL-Mariner Releases 20186-17086 No Security Update 3.0.4-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20186-17086 CBL-Mariner Releases CBL-Mariner Releases 19455-17084 19446-17084 No Security Update 3.4.4-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19455-17084 19446-17084 CBL-Mariner Releases 1.0 2025-04-23T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added libsoup to CBL-Mariner 2.0 Added libsoup to Azure Linux 3.0</p> 2.1 2026-02-21T02:53:13 <p>Information published.</p> Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32914 Out-of-bounds Read 20113-17086 19457-16823 19456-17084 19446-17084 20113-17086 19457-16823 19456-17084 19446-17084 Important 20113-17086 Important 19457-16823 Important 19456-17084 Important 19446-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 20113-17086 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 19457-16823 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 19456-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 19446-17084 CBL-Mariner Releases 20113-17086 19457-16823 No Security Update 3.0.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20113-17086 19457-16823 CBL-Mariner Releases CBL-Mariner Releases 19456-17084 19446-17084 No Security Update 3.4.4-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19456-17084 19446-17084 CBL-Mariner Releases 1.0 2025-04-29T00:00:00 <p>Information published.</p> 2.0 2025-05-05T00:00:00 <p>Information published.</p> 2.1 2026-02-21T02:48:47 <p>Information published.</p> Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-46421 Exposure of Sensitive System Information to an Unauthorized Control Sphere 19401-16823 19402-17084 20113-17086 19446-17084 19401-16823 19402-17084 20113-17086 19446-17084 Moderate 19401-16823 Moderate 19402-17084 Moderate 20113-17086 Moderate 19446-17084 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 19401-16823 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 19402-17084 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 20113-17086 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 19446-17084 CBL-Mariner Releases 19401-16823 20113-17086 No Security Update 3.0.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19401-16823 20113-17086 CBL-Mariner Releases CBL-Mariner Releases 19402-17084 19446-17084 No Security Update 3.4.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19402-17084 19446-17084 CBL-Mariner Releases 1.0 2025-05-06T00:00:00 <p>Information published.</p> 1.1 2026-02-21T04:18:59 <p>Information published.</p> Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner CPANSec Yes CVE-2024-56406 Heap-based Buffer Overflow 17462-17084 19954-17086 20283-17084 17462-17084 19954-17086 20283-17084 Important 17462-17084 Important 19954-17086 Important 20283-17084 8.6 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 17462-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 19954-17086 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 20283-17084 CBL-Mariner Releases 17462-17084 20283-17084 No Security Update 5.38.2-507 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17462-17084 20283-17084 CBL-Mariner Releases CBL-Mariner Releases 19954-17086 No Security Update 5.34.1-490 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19954-17086 CBL-Mariner Releases 1.0 2025-04-19T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:50:56 <p>Information published.</p> Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-21575 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 19852-17086 Moderate 17153-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19547-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19591-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17539-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19852-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:36:12 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-21579 Incorrect Permission Assignment for Critical Resource 19547-16823 19591-17084 17153-17086 17539-17084 19852-17086 19547-16823 19591-17084 17153-17086 17539-17084 19852-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17153-17086 Moderate 17539-17084 19852-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 CBL-Mariner Releases 19547-16823 19591-17084 17153-17086 17539-17084 19852-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17153-17086 17539-17084 19852-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-21T03:33:03 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-21581 Incorrect Permission Assignment for Critical Resource 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 19852-17086 Moderate 17153-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 2.0 2026-02-19T01:36:41 <p>Information published.</p> 1.0 2025-06-23T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-21584 19547-16823 19591-17084 17153-17086 17539-17084 19852-17086 19547-16823 19591-17084 17153-17086 17539-17084 19852-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17153-17086 Moderate 17539-17084 19852-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 CBL-Mariner Releases 19547-16823 19591-17084 17153-17086 17539-17084 19852-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17153-17086 17539-17084 19852-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:38:45 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30689 Improper Access Control 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 19852-17086 Moderate 17153-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-21T03:31:22 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30693 Improper Access Control 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 19852-17086 Moderate 17153-17086 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19547-16823 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19591-17084 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 17539-17084 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19852-17086 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:37:43 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30695 Improper Access Control 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 19852-17086 Moderate 17153-17086 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19547-16823 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19591-17084 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 17539-17084 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19852-17086 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-21T03:34:39 <p>Information published.</p> Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30703 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Low 19547-16823 Low 19591-17084 Low 17539-17084 19852-17086 Low 17153-17086 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N 19547-16823 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N 19591-17084 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N 17539-17084 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N 19852-17086 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-21T03:28:21 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30705 Uncontrolled Resource Consumption 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 19852-17086 Moderate 17153-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 2.0 2026-02-19T01:36:56 <p>Information published.</p> 1.0 2025-06-23T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30715 19547-16823 19591-17084 19852-17086 17539-17084 17153-17086 19547-16823 19591-17084 19852-17086 17539-17084 17153-17086 Moderate 19547-16823 Moderate 19591-17084 19852-17086 Moderate 17539-17084 Moderate 17153-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 19852-17086 17539-17084 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 19852-17086 17539-17084 17153-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-21T03:37:45 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-21577 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 19852-17086 Moderate 17153-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19547-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19591-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17539-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19852-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 2.0 2026-02-19T01:36:27 <p>Information published.</p> 1.0 2025-06-23T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-21585 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 19852-17086 Moderate 17153-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 2.0 2026-02-21T03:36:11 <p>Information published.</p> 1.0 2025-06-23T00:00:00 <p>Information published.</p> cdx: Fix possible UAF error in driver_override_show() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21915 17465-17084 19682-17086 18490-17086 17465-17084 19682-17086 18490-17086 Important 17465-17084 19682-17086 Important 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17465-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 CBL-Mariner Releases 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:40:38 <p>Information published.</p> HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21928 19705-17086 17465-17084 17099-17086 19705-17086 17465-17084 17099-17086 19705-17086 Important 17465-17084 Important 17099-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19705-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17465-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17099-17086 CBL-Mariner Releases 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 CBL-Mariner Releases CBL-Mariner Releases 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 CBL-Mariner Releases 2.0 2026-02-18T02:28:34 <p>Information published.</p> 1.0 2025-05-05T00:00:00 <p>Information published.</p> ksmbd: fix use-after-free in smb2_lock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21945 19682-17086 17465-17084 18490-17086 19682-17086 17465-17084 18490-17086 19682-17086 Important 17465-17084 Important 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17465-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 CBL-Mariner Releases 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:06:18 <p>Information published.</p> atm: Fix NULL pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22018 NULL Pointer Dereference 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:35:24 <p>Information published.</p> drm/amd/display: Fix slab-use-after-free on hdcp_work <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21968 Use After Free 17465-17084 17099-17086 19705-17086 17465-17084 17099-17086 19705-17086 Important 17465-17084 Important 17099-17086 19705-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17465-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17099-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19705-17086 CBL-Mariner Releases 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 CBL-Mariner Releases CBL-Mariner Releases 17099-17086 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-17086 19705-17086 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:36:14 <p>Information published.</p> wifi: cfg80211: cancel wiphy_work before freeing wiphy <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21979 17465-17084 17465-17084 Important 17465-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17465-17084 CBL-Mariner Releases 17465-17084 No Security Update 6.6.85.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17465-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:21:06 <p>Information published.</p> media: streamzap: fix race between device disconnection and urb callback https://nvd.nist.gov/vuln/detail/CVE-2025-22027 https://nvd.nist.gov/vuln/detail/CVE-2025-22027 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22027 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 12356 12357 19682-17086 18490-17086 19734-17084 12356 12357 19682-17086 18490-17086 19734-17084 12356 12357 19682-17086 Moderate 18490-17086 Moderate 19734-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12356 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 12357 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 kernel 12356 kernel-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-1 https://nvd.nist.gov/vuln/detail/CVE-2025-22027 12356 kernel kernel 12357 kernel-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-1 https://nvd.nist.gov/vuln/detail/CVE-2025-22027 12357 kernel CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:37:21 <p>Information published.</p> media: vimc: skip .s_stream() for stopped entities <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22028 19529-17084 19734-17084 17087-17086 19529-17084 19734-17084 17087-17086 Moderate 19529-17084 Moderate 19734-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:14:03 <p>Information published.</p> ksmbd: fix session use-after-free in multichannel connection <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22040 Use After Free 19682-17086 19734-17084 18490-17086 19682-17086 19734-17084 18490-17086 19682-17086 Important 19734-17084 Important 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19734-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 2.0 2026-02-21T03:44:19 <p>Information published.</p> ksmbd: fix use-after-free in ksmbd_sessions_deregister() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22041 Use After Free 19734-17084 18490-17086 19682-17086 19734-17084 18490-17086 19682-17086 Important 19734-17084 Important 18490-17086 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19734-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 2.0 2026-02-21T03:54:51 <p>Information published.</p> ksmbd: add bounds check for create lease context <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22042 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.1 2026-02-18T02:49:43 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22045 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:25:48 <p>Information published.</p> LoongArch: Increase ARCH_DMA_MINALIGN up to 16 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22049 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:37:02 <p>Information published.</p> net: ibmveth: make veth_pool_store stop hanging <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22053 Improper Locking 19529-17084 19734-17084 17087-17086 19529-17084 19734-17084 17087-17086 Moderate 19529-17084 Moderate 19734-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:28:26 <p>Information published.</p> net: fix geneve_opt length integer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22055 19529-17084 19734-17084 19529-17084 19734-17084 Important 19529-17084 Important 19734-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:12:30 <p>Information published.</p> net: decrease cached dst counters in dst_release <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22057 19529-17084 17087-17086 20925-17086 21093-17086 19734-17084 19529-17084 17087-17086 20925-17086 21093-17086 19734-17084 Moderate 19529-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 19734-17084 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 17087-17086 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20925-17086 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 2.0 2026-03-03T14:48:52 <p>Information published.</p> 3.0 2026-03-31T15:01:56 <p>Information published.</p> 1.1 2026-02-18T02:27:39 <p>Information published.</p> net: mvpp2: Prevent parser TCAM memory corruption <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22060 Time-of-check Time-of-use (TOCTOU) Race Condition 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.1 2026-02-18T02:03:25 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> ASoC: imx-card: Add NULL check in imx_card_probe() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22066 NULL Pointer Dereference 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.1 2026-02-21T02:38:07 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> spufs: fix a leak in spufs_create_context() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22071 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:49:22 <p>Information published.</p> spufs: fix a leak on spufs_new_file() failure <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22073 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.1 2026-02-18T02:47:06 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> ocfs2: validate l_tree_depth to avoid out-of-bounds access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22079 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.1 2026-02-18T02:59:37 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> fs/ntfs3: Prevent integer overflow in hdr_first_de() https://nvd.nist.gov/vuln/detail/CVE-2025-22080 https://nvd.nist.gov/vuln/detail/CVE-2025-22080 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22080 Integer Overflow or Wraparound 12357 12356 19734-17084 12357 12356 19734-17084 12357 12356 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12357 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12356 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 kernel 12357 kernel-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-1 https://nvd.nist.gov/vuln/detail/CVE-2025-22080 12357 kernel kernel 12356 kernel-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-1 https://nvd.nist.gov/vuln/detail/CVE-2025-22080 12356 kernel CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-21T02:34:34 <p>Information published.</p> vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22083 Use After Free 19529-17084 17087-17086 19734-17084 19529-17084 17087-17086 19734-17084 Moderate 19529-17084 Important 17087-17086 Moderate 19734-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19529-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:51:33 <p>Information published.</p> RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() https://nvd.nist.gov/vuln/detail/CVE-2025-22088 https://nvd.nist.gov/vuln/detail/CVE-2025-22088 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22088 12356 12357 19734-17084 12356 12357 19734-17084 12356 12357 Important 19734-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12356 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12357 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19734-17084 kernel 12356 kernel-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-1 https://nvd.nist.gov/vuln/detail/CVE-2025-22088 12356 kernel kernel 12357 kernel-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-intree-amdgpu-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 python3-perf-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 bpftool-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-6.6.92.2-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 6.6.92.2-1 https://nvd.nist.gov/vuln/detail/CVE-2025-22088 12357 kernel CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-21T03:46:36 <p>Information published.</p> Bluetooth: btnxpuart: Fix kernel panic during FW release <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22102 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:08:25 <p>Information published.</p> thermal: int340x: Add NULL check for adev <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-23136 19705-17086 19734-17084 17099-17086 19705-17086 19734-17084 17099-17086 19705-17086 Moderate 19734-17084 Moderate 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 CBL-Mariner Releases CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> 3.0 2026-02-21T04:08:47 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30681 Uncontrolled Resource Consumption 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Low 19547-16823 Low 19591-17084 Low 17539-17084 19852-17086 Low 17153-17086 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 19547-16823 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 19591-17084 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 17539-17084 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 19852-17086 2.7 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:37:58 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30683 Incorrect Permission Assignment for Critical Resource 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 19852-17086 Moderate 17153-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 19852-17086 17153-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-21T03:29:55 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30684 Incorrect Permission Assignment for Critical Resource 19547-16823 19591-17084 17153-17086 17539-17084 19852-17086 19547-16823 19591-17084 17153-17086 17539-17084 19852-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17153-17086 Moderate 17539-17084 19852-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 CBL-Mariner Releases 19547-16823 19591-17084 17153-17086 17539-17084 19852-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17153-17086 17539-17084 19852-17086 CBL-Mariner Releases 2.0 2026-02-19T01:39:17 <p>Information published.</p> 1.0 2025-06-23T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30699 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 Moderate 17153-17086 19852-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19547-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19591-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17539-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17153-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19852-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 CBL-Mariner Releases 2.0 2026-02-19T01:37:28 <p>Information published.</p> 1.0 2025-06-23T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2025-30721 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 Moderate 19547-16823 Moderate 19591-17084 Moderate 17539-17084 Moderate 17153-17086 19852-17086 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H 19547-16823 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H 19591-17084 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H 17539-17084 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H 17153-17086 4.0 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H 19852-17086 CBL-Mariner Releases 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 No Security Update 8.0.42-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19547-16823 19591-17084 17539-17084 17153-17086 19852-17086 CBL-Mariner Releases 1.0 2025-06-23T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:39:01 <p>Information published.</p> Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-3360 Integer Overflow or Wraparound 19553-16823 19598-17084 19898-17086 19553-16823 19598-17084 19898-17086 Low 19553-16823 Low 19598-17084 Low 19898-17086 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 19553-16823 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 19598-17084 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 19898-17086 CBL-Mariner Releases 19553-16823 19898-17086 No Security Update 2.71.0-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19553-16823 19898-17086 CBL-Mariner Releases CBL-Mariner Releases 19598-17084 No Security Update 2.78.6-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19598-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:23:09 <p>Information published.</p> HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-37838 19734-17084 19682-17086 18490-17086 19734-17084 19682-17086 18490-17086 Important 19734-17084 19682-17086 Important 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19734-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 2.0 2026-02-21T03:51:57 <p>Information published.</p> LoongArch: BPF: Fix off-by-one error in build_prologue() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-37893 19529-17084 19734-17084 19529-17084 19734-17084 Moderate 19529-17084 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.1 2026-02-21T04:11:47 <p>Information published.</p> 1.0 2025-07-11T00:00:00 <p>Information published.</p> remoteproc: core: Clear table_sz when rproc_shutdown <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38152 NULL Pointer Dereference 17099-17086 19705-17086 19734-17084 17099-17086 19705-17086 19734-17084 Moderate 17099-17086 19705-17086 Moderate 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 17099-17086 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-17086 19705-17086 CBL-Mariner Releases CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 2.0 2025-07-11T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> 1.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2026-02-21T04:03:36 <p>Information published.</p> clk: samsung: Fix UBSAN panic in samsung_clk_init() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39728 19705-17086 19734-17084 17099-17086 19705-17086 19734-17084 17099-17086 19705-17086 Moderate 19734-17084 Moderate 17099-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19705-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17099-17086 CBL-Mariner Releases 19705-17086 17099-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19705-17086 17099-17086 CBL-Mariner Releases CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 3.0 2026-02-21T04:06:09 <p>Information published.</p> 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2025-07-11T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> jfs: fix slab-out-of-bounds read in ea_get() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39735 Out-of-bounds Read 19734-17084 17099-17086 19705-17086 19734-17084 17099-17086 19705-17086 Important 19734-17084 Important 17099-17086 19705-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19734-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17099-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19705-17086 CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases CBL-Mariner Releases 17099-17086 19705-17086 No Security Update 5.15.180.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17099-17086 19705-17086 CBL-Mariner Releases 2.0 2025-07-11T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> 3.0 2026-02-21T03:53:27 <p>Information published.</p> 1.0 2025-05-05T00:00:00 <p>Information published.</p> x86/mce: use is_copy_from_user() to determine copy-from-user context <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-39989 19529-17084 19734-17084 17087-17086 20925-17086 21093-17086 19529-17084 19734-17084 17087-17086 20925-17086 21093-17086 Moderate 19529-17084 Moderate 19734-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 19529-17084 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19734-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:03:25 <p>Information published.</p> 2.0 2026-03-03T14:54:02 <p>Information published.</p> 3.0 2026-03-31T15:08:12 <p>Information published.</p> Go Snowflake Driver has race condition when checking access to Easy Logging configuration file <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-46327 Time-of-check Time-of-use (TOCTOU) Race Condition 19939-17086 19343-17084 20385-17086 20739-17084 20782-17086 20951-17086 20969-17084 21126-17086 21127-17084 21258-17084 20797-17084 19939-17086 19343-17084 20385-17086 20739-17084 20782-17086 20951-17086 20969-17084 21126-17086 21127-17084 21258-17084 20797-17084 19939-17086 Low 19343-17084 Low 20385-17086 Low 20739-17084 Low 20782-17086 Low 20951-17086 Low 20969-17084 Low 21126-17086 Low 21127-17084 Low 21258-17084 Low 20797-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19939-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 19343-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 20385-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 20739-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 20782-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 20951-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 20969-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 21126-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 21127-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 21258-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 20797-17084 3.0 2026-01-03T01:36:54 <p>Information published.</p> 4.0 2026-01-08T14:44:19 <p>Information published.</p> 7.0 2026-03-31T14:51:28 <p>Information published.</p> 1.0 2025-09-03T21:57:35 <p>Information published.</p> 2.0 2025-12-07T01:45:07 <p>Information published.</p> 5.0 2026-03-03T15:04:13 <p>Information published.</p> 6.0 2026-03-04T14:39:30 <p>Information published.</p> 8.0 2026-04-29T14:45:58 <p>Information published.</p> ax25: Remove broken autobind <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22109 Missing Release of Memory after Effective Lifetime 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 20956-17084 21093-17086 21332-17084 20553-17084 17087-17086 21094-17084 21248-17084 21308-17084 21344-17084 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 20956-17084 21093-17086 21332-17084 20553-17084 17087-17086 21094-17084 21248-17084 21308-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21093-17086 Moderate 21332-17084 Moderate 20553-17084 Moderate 17087-17086 Moderate 21094-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T22:10:04 <p>Information published.</p> 2.0 2025-12-07T01:46:38 <p>Information published.</p> 4.0 2026-01-20T14:41:05 <p>Information published.</p> 6.0 2026-03-03T14:50:16 <p>Information published.</p> 7.0 2026-03-04T14:40:23 <p>Information published.</p> 8.0 2026-03-31T14:56:57 <p>Information published.</p> 9.0 2026-04-29T14:47:26 <p>Information published.</p> 11.0 2026-05-11T01:41:08 <p>Information published.</p> 3.0 2026-01-08T14:45:40 <p>Information published.</p> 5.0 2026-02-19T01:44:00 <p>Information published.</p> 10.0 2026-05-06T14:42:12 <p>Information published.</p> 12.0 2026-05-17T14:42:21 <p>Information published.</p> Libsoup: cookie domain validation bypass via uppercase characters in libsoup <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-4035 Improper Handling of Case Sensitivity 20186-17086 20190-17084 20379-17086 20625-17084 20801-17084 20958-17084 21115-17086 21112-17084 20601-17086 20933-17086 21202-17084 20186-17086 20190-17084 20379-17086 20625-17084 20801-17084 20958-17084 21115-17086 21112-17084 20601-17086 20933-17086 21202-17084 20186-17086 Moderate 20190-17084 Moderate 20379-17086 Moderate 20625-17084 Moderate 20801-17084 Moderate 20958-17084 Moderate 21115-17086 Moderate 21112-17084 Moderate 20601-17086 Moderate 20933-17086 Moderate 21202-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 20186-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 20190-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 20379-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 20625-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 20801-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 20958-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 21115-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 21112-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 20601-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 20933-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 21202-17084 2.0 2026-01-08T14:44:29 <p>Information published.</p> 4.0 2026-03-04T14:39:37 <p>Information published.</p> 5.0 2026-03-31T14:52:06 <p>Information published.</p> 1.0 2025-09-03T22:40:13 <p>Information published.</p> 3.0 2026-03-03T14:35:51 <p>Information published.</p> 6.0 2026-04-14T14:38:25 <p>Information published.</p> An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-29478 Uncontrolled Resource Consumption 19787-17086 19445-17084 20380-17086 20526-17086 20735-17084 20802-17084 21260-17084 20420-17084 20573-17084 20690-17086 19787-17086 19445-17084 20380-17086 20526-17086 20735-17084 20802-17084 21260-17084 20420-17084 20573-17084 20690-17086 19787-17086 19445-17084 20380-17086 Low 20526-17086 Low 20735-17084 Low 20802-17084 Low 21260-17084 20420-17084 Low 20573-17084 Low 20690-17086 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L 19787-17086 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 19445-17084 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L 20380-17086 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L 20526-17086 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 20735-17084 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 20802-17084 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 21260-17084 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 20420-17084 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L 20573-17084 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L 20690-17086 1.0 2025-09-03T23:03:51 <p>Information published.</p> 3.0 2025-12-07T01:42:56 <p>Information published.</p> 5.0 2026-04-29T14:44:46 <p>Information published.</p> 2.0 2025-12-06T14:35:47 <p>Information published.</p> 4.0 2026-01-08T14:43:29 <p>Information published.</p> ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22121 20553-17084 20613-17084 20725-17084 20788-17084 20925-17086 21093-17086 19683-17084 20412-17084 17087-17086 20823-17084 20860-17084 20553-17084 20613-17084 20725-17084 20788-17084 20925-17086 21093-17086 19683-17084 20412-17084 17087-17086 20823-17084 20860-17084 Important 20553-17084 Important 20613-17084 Important 20725-17084 Important 20788-17084 Important 20925-17086 Important 21093-17086 19683-17084 Important 20412-17084 Important 17087-17086 Important 20823-17084 Important 20860-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20925-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21093-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20823-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20860-17084 1.0 2025-09-04T00:04:25 <p>Information published.</p> 2.0 2025-12-07T01:35:40 <p>Information published.</p> 3.0 2026-01-08T14:49:18 <p>Information published.</p> 4.0 2026-01-20T14:45:41 <p>Information published.</p> 6.0 2026-03-03T14:51:06 <p>Information published.</p> 7.0 2026-03-31T15:04:25 <p>Information published.</p> 5.0 2026-02-19T01:47:41 <p>Information published.</p> nfsd: don't ignore the return code of svc_proc_register() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22026 Unchecked Return Value 19683-17084 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 20925-17086 20553-17084 17087-17086 20788-17084 21093-17086 19683-17084 20412-17084 20613-17084 20725-17084 20823-17084 20860-17084 20925-17086 20553-17084 17087-17086 20788-17084 21093-17086 19683-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 20553-17084 Moderate 17087-17086 Moderate 20788-17084 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 2.0 2025-12-07T01:38:27 <p>Information published.</p> 4.0 2026-01-20T14:48:29 <p>Information published.</p> 5.0 2026-02-19T01:49:50 <p>Information published.</p> 6.0 2026-02-27T14:35:37 <p>Information published.</p> 7.0 2026-03-03T14:43:32 <p>Information published.</p> 8.0 2026-03-31T14:54:11 <p>Information published.</p> 1.0 2025-09-04T01:19:07 <p>Information published.</p> 3.0 2026-01-08T14:35:28 <p>Information published.</p> net: mctp: unshare packets when reassembling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21972 Missing Release of Memory after Effective Lifetime 19683-17084 20412-17084 17087-17086 20553-17084 19683-17084 20412-17084 17087-17086 20553-17084 19683-17084 Moderate 20412-17084 Moderate 17087-17086 Moderate 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 1.0 2025-09-04T01:32:13 <p>Information published.</p> md/raid10: wait barrier before returning discard request with REQ_NOWAIT <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-40325 20412-17084 17087-17086 20725-17084 20788-17084 20823-17084 20925-17086 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 20553-17084 20613-17084 20860-17084 20956-17084 21308-17084 21344-17084 20412-17084 17087-17086 20725-17084 20788-17084 20823-17084 20925-17086 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 20553-17084 20613-17084 20860-17084 20956-17084 21308-17084 21344-17084 Low 20412-17084 Moderate 17087-17086 Low 20725-17084 Low 20788-17084 Low 20823-17084 Moderate 20925-17086 Low 21094-17084 Moderate 21093-17086 Low 21248-17084 Low 21332-17084 19683-17084 Low 20553-17084 Low 20613-17084 Low 20860-17084 Low 20956-17084 Low 21308-17084 Low 21344-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20725-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20788-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 21248-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 21332-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19683-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20553-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20613-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20860-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 20956-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 21308-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 21344-17084 1.0 2025-09-04T02:00:27 <p>Information published.</p> 2.0 2025-12-07T01:39:29 <p>Information published.</p> 4.0 2026-01-20T14:49:26 <p>Information published.</p> 6.0 2026-03-03T14:54:20 <p>Information published.</p> 7.0 2026-03-04T14:44:20 <p>Information published.</p> 8.0 2026-03-31T15:16:42 <p>Information published.</p> 9.0 2026-04-29T14:54:44 <p>Information published.</p> 3.0 2026-01-08T14:36:28 <p>Information published.</p> 5.0 2026-02-19T01:50:43 <p>Information published.</p> 10.0 2026-05-06T14:48:42 <p>Information published.</p> 11.0 2026-05-11T01:47:03 <p>Information published.</p> 12.0 2026-05-17T14:48:06 <p>Information published.</p> ksmbd: fix overflow in dacloffset bounds check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22039 19683-17084 20412-17084 20553-17084 17087-17086 19683-17084 20412-17084 20553-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 2.0 2025-11-25T01:36:09 <p>Information published.</p> 1.0 2025-09-04T02:38:59 <p>Information published.</p> Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-32911 Free of Memory not on the Heap 19446-17084 20113-17086 19446-17084 20113-17086 Critical 19446-17084 Critical 20113-17086 9.0 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 19446-17084 9.0 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 20113-17086 CBL-Mariner Releases 19446-17084 20113-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19446-17084 20113-17086 CBL-Mariner Releases 1.0 2025-09-04T03:10:11 <p>Information published.</p> 1.1 2026-02-21T03:25:08 <p>Information published.</p> In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-58251 Improper Neutralization of Escape, Meta, or Control Sequences 20579-17084 20626-17084 20743-17084 20892-17084 20948-17086 20970-17084 21096-17084 20343-17084 20103-17086 20423-17084 20891-17086 20579-17084 20626-17084 20743-17084 20892-17084 20948-17086 20970-17084 21096-17084 20343-17084 20103-17086 20423-17084 20891-17086 Low 20579-17084 Low 20626-17084 Low 20743-17084 Low 20892-17084 Low 20948-17086 Low 20970-17084 Low 21096-17084 20343-17084 Low 20103-17086 Low 20423-17084 Low 20891-17086 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 20579-17084 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 20626-17084 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 20743-17084 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 20892-17084 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 20948-17086 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 20970-17084 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 21096-17084 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 20343-17084 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 20103-17086 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 20423-17084 2.5 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L 20891-17086 1.0 2025-09-04T03:56:51 <p>Information published.</p> 2.0 2025-12-07T01:44:36 <p>Information published.</p> 4.0 2026-03-03T15:03:57 <p>Information published.</p> 6.0 2026-03-31T14:49:59 <p>Information published.</p> 3.0 2026-02-21T03:39:55 <p>Information published.</p> 5.0 2026-03-04T14:39:10 <p>Information published.</p> In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-46394 User Interface (UI) Misrepresentation of Critical Information 20343-17084 20423-17084 20579-17084 20626-17084 20743-17084 20948-17086 21096-17084 20103-17086 20892-17084 20891-17086 20970-17084 20343-17084 20423-17084 20579-17084 20626-17084 20743-17084 20948-17086 21096-17084 20103-17086 20892-17084 20891-17086 20970-17084 20343-17084 Low 20423-17084 Low 20579-17084 Low 20626-17084 Low 20743-17084 Low 20948-17086 Low 21096-17084 Low 20103-17086 Low 20892-17084 Low 20891-17086 Low 20970-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20343-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20423-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20579-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20626-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20743-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20948-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 21096-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20103-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20892-17084 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20891-17086 3.2 3.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 20970-17084 2.0 2025-12-07T01:44:46 <p>Information published.</p> 3.0 2026-02-21T03:41:15 <p>Information published.</p> 4.0 2026-03-03T15:03:41 <p>Information published.</p> 5.0 2026-03-04T14:39:17 <p>Information published.</p> 6.0 2026-03-31T14:50:23 <p>Information published.</p> 1.0 2025-09-04T04:04:08 <p>Information published.</p> jfs: reject on-disk inodes of an unsupported type <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-37925 19682-17086 19529-17084 18490-17086 19682-17086 19529-17084 18490-17086 19682-17086 Moderate 19529-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 1.0 2025-09-04T05:38:21 <p>Information published.</p> 2.0 2026-02-21T04:04:51 <p>Information published.</p> sfc: fix NULL dereferences in ef100_process_design_param() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-37860 NULL Pointer Dereference 19683-17084 20412-17084 20613-17084 20725-17084 20823-17084 20956-17084 21094-17084 21248-17084 20553-17084 20788-17084 20860-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 20613-17084 20725-17084 20823-17084 20956-17084 21094-17084 21248-17084 20553-17084 20788-17084 20860-17084 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 20553-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:44:56 <p>Information published.</p> 4.0 2026-01-20T14:39:48 <p>Information published.</p> 7.0 2026-03-31T14:50:45 <p>Information published.</p> 8.0 2026-04-29T14:45:44 <p>Information published.</p> 10.0 2026-05-11T01:40:33 <p>Information published.</p> 1.0 2025-09-04T06:36:55 <p>Information published.</p> 3.0 2026-01-08T14:44:09 <p>Information published.</p> 5.0 2026-02-21T04:16:37 <p>Information published.</p> 6.0 2026-03-04T14:39:23 <p>Information published.</p> 9.0 2026-05-06T14:41:31 <p>Information published.</p> 11.0 2026-05-17T14:41:37 <p>Information published.</p> Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22029 19734-17084 19734-17084 Moderate 19734-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19734-17084 CBL-Mariner Releases 19734-17084 No Security Update 6.6.92.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19734-17084 CBL-Mariner Releases 2.0 2026-02-18T14:11:31 <p>Information published.</p> 1.0 2025-10-01T23:11:35 <p>Information published.</p> jfs: add check read-only before truncation in jfs_truncate_nolock() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-58094 20553-17084 17087-17086 20553-17084 17087-17086 Moderate 20553-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-30T01:01:20 <p>Information published.</p> net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21894 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-11-02T02:01:35 <p>Information published.</p> ksmbd: prevent connection release during oplock break notification <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-21955 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-11-02T02:01:47 <p>Information published.</p> x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-22090 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 1.0 2025-11-02T02:02:16 <p>Information published.</p> 2.0 2026-03-03T14:49:09 <p>Information published.</p> 3.0 2026-03-31T15:02:22 <p>Information published.</p> drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV Mariner Linux Yes CVE-2025-38104 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 1.0 2025-11-06T01:01:39 <p>Information published.</p> 2.0 2025-12-07T01:46:35 <p>Information published.</p> 3.0 2026-01-08T14:37:02 <p>Information published.</p> 4.0 2026-01-20T14:48:09 <p>Information published.</p> 5.0 2026-02-18T02:54:50 <p>Information published.</p> 6.0 2026-02-27T14:36:21 <p>Information published.</p> net-imap rubygem vulnerable to possible DoS by memory exhaustion Mariner GitHub_M Yes CVE-2025-43857 Uncontrolled Resource Consumption 20392-17086 20631-17084 20392-17086 20631-17084 Important 20392-17086 Important 20631-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20392-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20631-17084 1.0 2025-11-25T01:02:50 <p>Information published.</p> 2.0 2025-12-02T01:40:00 <p>Information published.</p> Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability <p>Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could sequentially send specially crafted requests to a vulnerable LDAP server. Successful exploitation could result in a use after free which could be leveraged to achieve remote code execution.</p> Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2025-26663 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Kunlun Lab with https://www.cyberkl.com/ 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-26664 Buffer Over-read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows upnphost.dll Elevation of Privilege Vulnerability <p>Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows upnphost.dll Microsoft Yes CVE-2025-26665 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Media Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Windows Media Microsoft Yes CVE-2025-26666 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-26669 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous with Codesafe Team of Legendsec at QI-ANXIN Group 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-26667 Exposure of Sensitive Information to an Unauthorized Actor 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-26668 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Win32k Elevation of Privilege Vulnerability <p>Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An authenticated user needs to interact with a malicious printer.</p> Windows Win32K - GRFX Microsoft Yes CVE-2025-26681 Use After Free 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12085 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12086 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12097 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12098 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12099 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12437 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12242 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12243 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12244 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12389 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12390 6.7 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12436 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Standards-Based Storage Management Service Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.</p> Windows Standards-Based Storage Management Service Microsoft Yes CVE-2025-26680 Uncontrolled Resource Consumption 11571 11572 11923 11924 12437 12436 10816 10855 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12437 Denial of Service 12436 Denial of Service 10816 Denial of Service 10855 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12436 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows TCP/IP Remote Code Execution Vulnerability <p>Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metrics, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection to send a DHCPv6 request. The attacker could then send a DHCPv6 reply with a fake IPv6 address.</p> Windows TCP/IP Microsoft Yes CVE-2025-26686 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 @TrueUnitySect 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Win32k Elevation of Privilege Vulnerability <p>Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Win32K - GRFX Microsoft Yes CVE-2025-26687 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12155 12156 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 12155 Elevation of Privilege 12156 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12155 Important 12156 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12156 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.18730.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes Release Notes https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12156 Maybe Security Update 16.0.14326.22331 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12156 Release Notes Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability <p>Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Virtual Hard Drive Microsoft Yes CVE-2025-26688 Stack-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://www.linkedin.com/in/kdj-abysslab">DongJun Kim</a> with <a href="https://www.enki.co.kr/">Enki WhiteHat</a> <a href="https://x.com/nevul37">Jongseong Kim</a> with <a href="https://www.enki.co.kr/">Enki WhiteHat</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Microsoft Streaming Service Denial of Service Vulnerability <p>Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Streaming Service Microsoft Yes CVE-2025-27471 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with HUST 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Standards-Based Storage Management Service Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.</p> Windows Standards-Based Storage Management Service Microsoft Yes CVE-2025-27470 Uncontrolled Resource Consumption 11571 11572 11923 11924 12437 12436 10816 10855 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12437 Denial of Service 12436 Denial of Service 10816 Denial of Service 10855 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12436 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> HTTP.sys Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows HTTP.sys Microsoft Yes CVE-2025-27473 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Mark of the Web Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as SmartScreen Application Reputation security check and/or the legacy Windows Attachment Services security prompt.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker could host a file on an attacker-controlled server, then convince a targeted user to download and open the file. This could allow the attacker to interfere with the Mark of the Web functionality.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/deployoffice/security/internet-macros-blocked#additional-information-about-mark-of-the-web">Additional information about Mark of the Web</a> for further clarification</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows Mark of the Web (MOTW) Microsoft Yes CVE-2025-27472 Protection Mechanism Failure 10729 10735 10378 10379 10483 10543 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 10729 Important 10735 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10729 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10735 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10378 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10379 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10483 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C 10543 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://x.com/0patch">Blaz Satler</a> with <a href="https://0patch.com/">0patch by ACROS Security</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-27474 Use of Uninitialized Resource 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p>Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Digital Media Microsoft Yes CVE-2025-27476 Use After Free 11568 11569 11571 11572 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37)</a> and Dongjun Kim (smlijun) with Ajou University, and working at <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 1.1 2025-04-10T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Windows Update Stack Elevation of Privilege Vulnerability <p>Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Update Stack Microsoft Yes CVE-2025-27475 Sensitive Data Storage in Improperly Locked Memory 12085 12086 12242 12243 12389 12390 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 12085 Important 12086 Important 12242 Important 12243 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12389 12390 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12389 12390 5055523 5055523 https://support.microsoft.com/help/5055523 12389 12390 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows Telephony Service Microsoft Yes CVE-2025-27477 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Local Security Authority (LSA) Microsoft Yes CVE-2025-27478 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Kerberos Key Distribution Proxy Service Denial of Service Vulnerability <p>Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network.</p> Windows Kerberos Microsoft Yes CVE-2025-27479 Insufficient Resource Pool 11571 11572 11923 11924 12437 12244 12436 10816 10855 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12437 Denial of Service 12244 Denial of Service 12436 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Active Directory Certificate Services Elevation of Privilege Vulnerability <p>Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to those of domain administrator.</p> Windows Active Directory Certificate Services Microsoft Yes CVE-2025-27740 Weak Authentication 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 12437 Elevation of Privilege 12244 Elevation of Privilege 12436 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Konstantin Ruhmann with <a href="https://www.vwfs.de/">Volkswagen Financial Services AG</a> Konstantin Ruhmann with <a href="https://www.vwfs.de/">Volkswagen Financial Services AG</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 1.1 2025-04-10T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> NTFS Elevation of Privilege Vulnerability <p>Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows NTFS Microsoft Yes CVE-2025-27741 Out-of-bounds Read 11568 11569 11571 11572 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://infosec.exchange/@wdormann">Will Dormann</a> with <a href="https://vu.ls/">Vul Labs</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Microsoft Office Elevation of Privilege Vulnerability <p>Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Office Microsoft Yes CVE-2025-27744 Improper Access Control 10754 Elevation of Privilege 10754 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 5002669 https://www.microsoft.com/en-us/download/details.aspx?id=108102 2920716 10754 Maybe Security Update 16.0.5495.1000 https://support.microsoft.com/kb/5002669 10754 5002669 <a href="https://twitter.com/sim0nsecurity">Simon (@sim0nsecurity)</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> NTFS Information Disclosure Vulnerability <p>Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p> Windows NTFS Microsoft Yes CVE-2025-27742 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Microsoft Office Remote Code Execution Vulnerability <p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. To address a known issue that customers might experience after installing KB5002700 and that causes Microsoft Word, Microsoft Excel, and Microsoft Outlook to stop responding, Microsoft released KB5002623. If you have already installed KB5002700, you must also install KB5002623 to correct the known issue.</p> <p>If you have not yet installed any updates you must install both updates to correct the known issue. These updates can be installed in any order.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of April 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Microsoft Yes CVE-2025-27745 Use After Free 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.96.25041326 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002700 https://www.microsoft.com/en-us/download/details.aspx?id=108094 5002693 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002700 10753 10754 5002700 5002700 https://support.microsoft.com/help/5002700 10753 10754 5002623 https://www.microsoft.com/en-us/download/details.aspx?id=108113 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002623 10753 10754 5002623 0x140ce(Peace &amp; Love) 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-10T07:00:00 <p>To address a known issue that customers might experience after installing KB5002700 and that causes Microsoft Word, Microsoft Excel, and Microsoft Outlook to stop responding, Microsoft released KB5002623. Customers who have already installed KB5002700 must also install KB5002623 to correct the known issue. Customers who have not yet installed any updates must install both updates to correct the known issue. These updates can be installed in any order.</p> 3.0 2025-04-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Office Remote Code Execution Vulnerability <p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of April 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Microsoft Yes CVE-2025-27746 Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 11972 12420 12421 12440 10753 10754 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 11972 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 11972 Important 12420 Important 12421 Important 12440 Important 10753 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11972 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 5002699 https://www.microsoft.com/en-us/download/details.aspx?id=108106 5002690 10836 Maybe Security Update 16.0.10417.20003 https://support.microsoft.com/help/5002699 10836 5002699 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.96.25041326 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002680 https://www.microsoft.com/en-us/download/details.aspx?id=108104 5002667 11972 Maybe Security Update 16.0.10417.20003 https://support.microsoft.com/help/5002680 11972 5002680 4484432 https://www.microsoft.com/en-us/download/details.aspx?id=108100 4018319 10753 10754 Maybe Security Update 16.0.5495.1000 https://support.microsoft.com/help/4484432 10753 10754 4484432 Li Shuang and willJ with Vulnerability Research Institute 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Office Remote Code Execution Vulnerability <p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. To address a known issue that customers might experience after installing KB5002700 and that causes Microsoft Word, Microsoft Excel, and Microsoft Outlook to stop responding, Microsoft released KB5002623. If you have already installed KB5002700, you must also install KB5002623 to correct the known issue.</p> <p>If you have not yet installed any updates you must install both updates to correct the known issue. These updates can be installed in any order.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of April 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Microsoft Yes CVE-2025-27748 Use After Free 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.96.25041326 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002700 https://www.microsoft.com/en-us/download/details.aspx?id=108094 5002693 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002700 10753 10754 5002700 5002700 https://support.microsoft.com/help/5002700 10753 10754 5002623 https://www.microsoft.com/en-us/download/details.aspx?id=108113 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002623 10753 10754 5002623 0x140ce 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-10T07:00:00 <p>To address a known issue that customers might experience after installing KB5002700 and that causes Microsoft Word, Microsoft Excel, and Microsoft Outlook to stop responding, Microsoft released KB5002623. Customers who have already installed KB5002700 must also install KB5002623 to correct the known issue. Customers who have not yet installed any updates must install both updates to correct the known issue. These updates can be installed in any order.</p> 3.0 2025-04-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Word Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of April 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Is the updates for SharePoint Enterprise Server 2016 (KB5002692) currently available?</strong></p> <p>Yes. As of April 15, 2025, the security update (KB5002692) for SharePoint Enterprise Server 2016 is available. Customers running SharePoint Enterprise Server 2016 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Word Microsoft Yes CVE-2025-27747 Untrusted Pointer Dereference 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10746 10747 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 5002692 https://www.microsoft.com/en-us/download/details.aspx?id=108096 5002685 10950 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002692 10950 5002692 5002692 https://support.microsoft.com/help/5002692 10950 5002682 https://www.microsoft.com/en-us/download/details.aspx?id=108093 5002671 10950 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002682 10950 5002682 5002691 https://www.microsoft.com/en-us/download/details.aspx?id=108095 5002678 11585 Maybe Security Update 16.0.10417.20003 https://support.microsoft.com/help/5002691 11585 5002691 5002680 https://www.microsoft.com/en-us/download/details.aspx?id=108104 5002667 11585 Maybe Security Update 16.0.10417.20003 https://support.microsoft.com/help/5002680 11585 5002680 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.96.25041326 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002702 https://www.microsoft.com/en-us/download/details.aspx?id=108098 5002662 10746 10747 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002702 10746 10747 5002702 Zhiniang Peng with HUST, devoke with HUST, wh1tc with Kunlun Lab 1.0 2025-04-08T07:00:00 <p>Information published.</p> 4.1 2025-04-17T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> 2.0 2025-04-10T07:00:00 <p>Revised CVE to inform customers that security update 5002692 is temporarily unavailable following some reports that the update can't be installed. We are currently investigating the issue and will notify customers via a revision to this CVE information when the issue is resolved.</p> 3.0 2025-04-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> 4.0 2025-04-15T07:00:00 <p>The security update for SharePoint Enterprise Server 2016 (KB5002692) is now available. See the Security Updates table for more information.</p> Microsoft Office Remote Code Execution Vulnerability <p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. To address a known issue that customers might experience after installing KB5002700 and that causes Microsoft Word, Microsoft Excel, and Microsoft Outlook to stop responding, Microsoft released KB5002623. If you have already installed KB5002700, you must also install KB5002623 to correct the known issue.</p> <p>If you have not yet installed any updates you must install both updates to correct the known issue. These updates can be installed in any order.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of April 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Microsoft Yes CVE-2025-27749 Use After Free 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.96.25041326 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002700 https://www.microsoft.com/en-us/download/details.aspx?id=108094 5002693 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002700 10753 10754 5002700 5002700 https://support.microsoft.com/help/5002700 10753 10754 5002623 https://www.microsoft.com/en-us/download/details.aspx?id=108113 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002623 10753 10754 5002623 0x140ce 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-10T07:00:00 <p>To address a known issue that customers might experience after installing KB5002700 and that causes Microsoft Word, Microsoft Excel, and Microsoft Outlook to stop responding, Microsoft released KB5002623. Customers who have already installed KB5002700 must also install KB5002623 to correct the known issue. Customers who have not yet installed any updates must install both updates to correct the known issue. These updates can be installed in any order.</p> 3.0 2025-04-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft System Center Elevation of Privilege Vulnerability <p>Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.</p> <p><strong>What Microsoft System Center Products are affected by this vulnerability?</strong></p> <p>This vulnerability affects the following products under the Microsoft System Center:</p> <ul> <li>System Center Operations Manager</li> <li>System Center Service Manager</li> <li>System Center Orchestrator</li> <li>System Center Data protection Manager</li> <li>System Center Virtual Machine Manager</li> </ul> <p>For more information about these products see <a href="http://https://learn.microsoft.com/en-us/system-center/">System Center documentation</a>.</p> <p><strong>Will the product version change with the new installation media?</strong></p> <p>No. The RTM version of all System Center products remain unchanged. There's no change in the product version.</p> <p><strong>What existing System Center deployments are affected by this vulnerability?</strong></p> <p>There are no existing System Center deployments impacted by this vulnerability. However, it is recommended that users delete the existing installer setup files (.exe) and then download the latest version of their System Center product (.ZIP) found in the following table.</p> <table> <thead> <tr> <th>Product</th> <th>Download</th> </tr> </thead> <tbody> <tr> <td>System Center Virtual Machine Manager 2022</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195845">https://go.microsoft.com/fwlink/p/?LinkID=2195845</a></td> </tr> <tr> <td>System Center Virtual Machine Manager 2019</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195725">https://go.microsoft.com/fwlink/p/?LinkID=2195725</a></td> </tr> <tr> <td>System Center Virtual Machine Manager 2025</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2292412">https://go.microsoft.com/fwlink/?linkid=2292412</a></td> </tr> <tr> <td>System Center Data Protection Manager 2025</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2292311">https://go.microsoft.com/fwlink/?linkid=2292311</a></td> </tr> <tr> <td>System Center Data Protection Manager 2022</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195847">https://go.microsoft.com/fwlink/p/?LinkID=2195847</a></td> </tr> <tr> <td>System Center Data Protection Manager 2019</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195851">https://go.microsoft.com/fwlink/p/?LinkID=2195851</a></td> </tr> <tr> <td>System Center Orchestrator 2019</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195848">https://go.microsoft.com/fwlink/p/?LinkID=2195848</a></td> </tr> <tr> <td>System Center Orchestrator 2022</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195531">https://go.microsoft.com/fwlink/p/?LinkID=2195531</a></td> </tr> <tr> <td>System Center Orchestrator 2025</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2292411">https://go.microsoft.com/fwlink/?linkid=2292411</a></td> </tr> <tr> <td>System Center Service Manager 2019</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195849">https://go.microsoft.com/fwlink/p/?LinkID=2195849</a></td> </tr> <tr> <td>System Center Service Manager 2022</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195846">https://go.microsoft.com/fwlink/p/?LinkID=2195846</a></td> </tr> <tr> <td>System Center Service Manager 2025</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2292310">https://go.microsoft.com/fwlink/?linkid=2292310</a></td> </tr> <tr> <td>System Center Operations Manager 2019</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195532">https://go.microsoft.com/fwlink/p/?LinkID=2195532</a></td> </tr> <tr> <td>System Center Operations Manager 2022</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195530">https://go.microsoft.com/fwlink/p/?LinkID=2195530</a></td> </tr> <tr> <td>System Center Operations Manager 2025</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2292308">https://go.microsoft.com/fwlink/?linkid=2292308</a></td> </tr> </tbody> </table> <p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p> <p>Only customers who re-use existing System Center installer files (.exe) files to deploy new instances in their environment are affected by this vulnerability. Customers performing installations in this manner must delete the existing installer setup files (.exe) and then download the latest version of their System Center product linked in the following table.</p> <p>Customers who download new versions of the setup files (.ZIP) for new deployments are not affected and do not need to perform any action to mitigate the vulnerability.</p> <table> <thead> <tr> <th>Product</th> <th>Download</th> </tr> </thead> <tbody> <tr> <td>System Center Virtual Machine Manager 2022</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195845">https://go.microsoft.com/fwlink/p/?LinkID=2195845</a></td> </tr> <tr> <td>System Center Virtual Machine Manager 2019</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195725">https://go.microsoft.com/fwlink/p/?LinkID=2195725</a></td> </tr> <tr> <td>System Center Virtual Machine Manager 2025</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2292412">https://go.microsoft.com/fwlink/?linkid=2292412</a></td> </tr> <tr> <td>System Center Data Protection Manager 2025</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2292311">https://go.microsoft.com/fwlink/?linkid=2292311</a></td> </tr> <tr> <td>System Center Data Protection Manager 2022</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195847">https://go.microsoft.com/fwlink/p/?LinkID=2195847</a></td> </tr> <tr> <td>System Center Data Protection Manager 2019</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195851">https://go.microsoft.com/fwlink/p/?LinkID=2195851</a></td> </tr> <tr> <td>System Center Orchestrator 2019</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195848">https://go.microsoft.com/fwlink/p/?LinkID=2195848</a></td> </tr> <tr> <td>System Center Orchestrator 2022</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195531">https://go.microsoft.com/fwlink/p/?LinkID=2195531</a></td> </tr> <tr> <td>System Center Orchestrator 2025</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2292411">https://go.microsoft.com/fwlink/?linkid=2292411</a></td> </tr> <tr> <td>System Center Service Manager 2019</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195849">https://go.microsoft.com/fwlink/p/?LinkID=2195849</a></td> </tr> <tr> <td>System Center Service Manager 2022</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195846">https://go.microsoft.com/fwlink/p/?LinkID=2195846</a></td> </tr> <tr> <td>System Center Service Manager 2025</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2292310">https://go.microsoft.com/fwlink/?linkid=2292310</a></td> </tr> <tr> <td>System Center Operations Manager 2019</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195532">https://go.microsoft.com/fwlink/p/?LinkID=2195532</a></td> </tr> <tr> <td>System Center Operations Manager 2022</td> <td><a href="https://go.microsoft.com/fwlink/p/?LinkID=2195530">https://go.microsoft.com/fwlink/p/?LinkID=2195530</a></td> </tr> <tr> <td>System Center Operations Manager 2025</td> <td><a href="https://go.microsoft.com/fwlink/?linkid=2292308">https://go.microsoft.com/fwlink/?linkid=2292308</a></td> </tr> </tbody> </table> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). What does this mean for this vulnerability?</strong></p> <p>To successfully exploit this vulnerability, an attacker must have access to the device to access the System Center Windows installer packages and then utilize DLL hijacking.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to have access to the location where the target file will be run. They would then need to plant a specific file that would be used as part of the exploitation.</p> System Center Microsoft Yes CVE-2025-27743 Untrusted Search Path 12531 12530 12532 12529 12528 12527 12524 12525 12526 12521 12522 12523 12057 12058 12458 Elevation of Privilege 12531 Elevation of Privilege 12530 Elevation of Privilege 12532 Elevation of Privilege 12529 Elevation of Privilege 12528 Elevation of Privilege 12527 Elevation of Privilege 12524 Elevation of Privilege 12525 Elevation of Privilege 12526 Elevation of Privilege 12521 Elevation of Privilege 12522 Elevation of Privilege 12523 Elevation of Privilege 12057 Elevation of Privilege 12058 Elevation of Privilege 12458 Important 12531 Important 12530 Important 12532 Important 12529 Important 12528 Important 12527 Important 12524 Important 12525 Important 12526 Important 12521 Important 12522 Important 12523 Important 12057 Important 12058 Important 12458 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12531 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12530 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12532 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12529 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12528 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12527 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12524 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12525 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12526 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12521 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12522 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12523 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12057 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12058 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12458 <a href="https://medium.com/@spoppi">Sandro Poppi</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of April 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Excel Microsoft Yes CVE-2025-27751 Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002699 https://www.microsoft.com/en-us/download/details.aspx?id=108106 5002690 10836 Maybe Security Update 16.0.10417.20003 https://support.microsoft.com/help/5002699 10836 5002699 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.96.25041326 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002704 https://www.microsoft.com/en-us/download/details.aspx?id=108099 5002696 10739 10740 Maybe Security Update 16.0.5495.1000 https://support.microsoft.com/help/5002704 10739 10740 5002704 f4(@dnpushme) 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. To address a known issue that customers might experience after installing KB5002700 and that causes Microsoft Word, Microsoft Excel, and Microsoft Outlook to stop responding, Microsoft released KB5002623. If you have already installed KB5002700, you must also install KB5002623 to correct the known issue.</p> <p>If you have not yet installed any updates you must install both updates to correct the known issue. These updates can be installed in any order.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of April 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Excel Microsoft Yes CVE-2025-27752 Heap-based Buffer Overflow 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.96.25041326 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002700 https://www.microsoft.com/en-us/download/details.aspx?id=108094 5002693 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002700 10753 10754 5002700 5002700 https://support.microsoft.com/help/5002700 10753 10754 5002623 https://www.microsoft.com/en-us/download/details.aspx?id=108113 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002623 10753 10754 5002623 0x140ce 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-10T07:00:00 <p>To address a known issue that customers might experience after installing KB5002700 and that causes Microsoft Word, Microsoft Excel, and Microsoft Outlook to stop responding, Microsoft released KB5002623. Customers who have already installed KB5002700 must also install KB5002623 to correct the known issue. Customers who have not yet installed any updates must install both updates to correct the known issue. These updates can be installed in any order.</p> 3.0 2025-04-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of April 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Excel Microsoft Yes CVE-2025-27750 Use After Free 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.96.25041326 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002704 https://www.microsoft.com/en-us/download/details.aspx?id=108099 5002696 10739 10740 Maybe Security Update 16.0.5495.1000 https://support.microsoft.com/help/5002704 10739 10740 5002704 f4(@dnpushme) 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. To address a known issue that customers might experience after installing KB5002700 and that causes Microsoft Word, Microsoft Excel, and Microsoft Outlook to stop responding, Microsoft released KB5002623. If you have already installed KB5002700, you must also install KB5002623 to correct the known issue.</p> <p>If you have not yet installed any updates you must install both updates to correct the known issue. These updates can be installed in any order.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of April 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Microsoft Yes CVE-2025-29791 Access of Resource Using Incompatible Type ('Type Confusion') 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.96.25041326 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002700 https://www.microsoft.com/en-us/download/details.aspx?id=108094 5002693 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002700 10753 10754 5002700 5002700 https://support.microsoft.com/help/5002700 10753 10754 5002623 https://www.microsoft.com/en-us/download/details.aspx?id=108113 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002623 10753 10754 5002623 0x140ce 2.0 2025-04-10T07:00:00 <p>To address a known issue that customers might experience after installing KB5002700 and that causes Microsoft Word, Microsoft Excel, and Microsoft Outlook to stop responding, Microsoft released KB5002623. Customers who have already installed KB5002700 must also install KB5002623 to correct the known issue. Customers who have not yet installed any updates must install both updates to correct the known issue. These updates can be installed in any order.</p> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 3.0 2025-04-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p> <p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.</p> <p><strong>Is the updates for SharePoint Enterprise Server 2016 (KB5002692) currently available?</strong></p> <p>Yes. As of April 15, 2025, the security update (KB5002692) for SharePoint Enterprise Server 2016 is available. Customers running SharePoint Enterprise Server 2016 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-29793 Deserialization of Untrusted Data 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002692 https://www.microsoft.com/en-us/download/details.aspx?id=108096 5002685 10950 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002692 10950 5002692 5002692 https://support.microsoft.com/help/5002692 10950 5002691 https://www.microsoft.com/en-us/download/details.aspx?id=108095 5002678 11585 Maybe Security Update 16.0.10417.20003 https://support.microsoft.com/help/5002691 11585 5002691 5002705 https://www.microsoft.com/en-us/download/details.aspx?id=108101 5002681 11961 Maybe Security Update 16.0.18526.20172 https://support.microsoft.com/help/5002705 11961 5002705 <a href="https://github.com/zcgonvh">zcgonvh</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-10T07:00:00 <p>Revised CVE to inform customers that security update 5002692 is temporarily unavailable following some reports that the update can't be installed. We are currently investigating the issue and will notify customers via a revision to this CVE information when the issue is resolved.</p> 3.0 2025-04-15T07:00:00 <p>The security update for SharePoint Enterprise Server 2016 (KB5002692) is now available. See the Security Updates table for more information.</p> Microsoft Office Elevation of Privilege Vulnerability <p>Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. To address a known issue that customers might experience after installing KB5002700 and that causes Microsoft Word, Microsoft Excel, and Microsoft Outlook to stop responding, Microsoft released KB5002623. If you have already installed KB5002700, you must also install KB5002623 to correct the known issue.</p> <p>If you have not yet installed any updates you must install both updates to correct the known issue. These updates can be installed in any order.</p> Microsoft Office Microsoft Yes CVE-2025-29792 Use After Free 11573 11574 11762 11763 11952 11953 12420 12421 10753 10754 Elevation of Privilege 11573 Elevation of Privilege 11574 Elevation of Privilege 11762 Elevation of Privilege 11763 Elevation of Privilege 11952 Elevation of Privilege 11953 Elevation of Privilege 12420 Elevation of Privilege 12421 Elevation of Privilege 10753 Elevation of Privilege 10754 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Important 10753 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002700 https://www.microsoft.com/en-us/download/details.aspx?id=108094 5002693 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002700 10753 10754 5002700 5002700 https://support.microsoft.com/help/5002700 10753 10754 5002623 https://www.microsoft.com/en-us/download/details.aspx?id=108113 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002623 10753 10754 5002623 <a href="https://twitter.com/y311owb0y">邹瑞伦</a> with <a href="https://www.qianxin.com/product/detail/pid/372">Codesafe Team of Legendsec at Qi&#39;anxin Group</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-10T07:00:00 <p>To address a known issue that customers might experience after installing KB5002700 and that causes Microsoft Word, Microsoft Excel, and Microsoft Outlook to stop responding, Microsoft released KB5002623. Customers who have already installed KB5002700 must also install KB5002623 to correct the known issue. Customers who have not yet installed any updates must install both updates to correct the known issue. These updates can be installed in any order.</p> Microsoft Edge for iOS Spoofing Vulnerability <p>User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.3179.54</td> <td>4/3/2025</td> <td>135.0.7049.41/.42/.52</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> Microsoft Edge for iOS Microsoft Yes CVE-2025-29796 User Interface (UI) Misrepresentation of Critical Information 11966 Spoofing 11966 Low 11966 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 4.7 4.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C 11966 Release Notes 11966 No Security Update 135.0.3179.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11966 Release Notes Barath Stalin K 1.0 2025-04-03T07:00:00 <p>Information published.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p>Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p> <p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.</p> <p><strong>Is the updates for SharePoint Enterprise Server 2016 (KB5002692) currently available?</strong></p> <p>Yes. As of April 15, 2025, the security update (KB5002692) for SharePoint Enterprise Server 2016 is available. Customers running SharePoint Enterprise Server 2016 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-29794 Improper Authorization 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002692 https://www.microsoft.com/en-us/download/details.aspx?id=108096 5002685 10950 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002692 10950 5002692 5002692 https://support.microsoft.com/help/5002692 10950 5002691 https://www.microsoft.com/en-us/download/details.aspx?id=108095 5002678 11585 Maybe Security Update 16.0.10417.20003 https://support.microsoft.com/help/5002691 11585 5002691 5002705 https://www.microsoft.com/en-us/download/details.aspx?id=108101 5002681 11961 Maybe Security Update 16.0.18526.20172 https://support.microsoft.com/help/5002705 11961 5002705 cjm00n with Kunlun Lab & Zhiniang Peng with HUST 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-10T07:00:00 <p>Revised CVE to inform customers that security update 5002692 is temporarily unavailable following some reports that the update can't be installed. We are currently investigating the issue and will notify customers via a revision to this CVE information when the issue is resolved.</p> 3.0 2025-04-15T07:00:00 <p>The security update for SharePoint Enterprise Server 2016 (KB5002692) is now available. See the Security Updates table for more information.</p> 3.1 2025-04-23T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Microsoft Dynamics Business Central Information Disclosure Vulnerability <p>Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker that successfully exploited this vulnerability could recover cleartext passwords from memory.</p> Dynamics Business Central Microsoft Yes CVE-2025-29821 Improper Input Validation 12516 12515 12514 12513 Information Disclosure 12516 Information Disclosure 12515 Information Disclosure 12514 Information Disclosure 12513 Important 12516 Important 12515 Important 12514 Important 12513 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12516 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12515 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12514 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12513 5056717 https://download.microsoft.com/download/8be3cb71-652c-44cf-91f7-f0079d79a67e/Dynamics.365.BC.32447.US.DVD.zip 12516 Maybe Security Update 24.12.32447.0 https://support.microsoft.com/en-us/help/5056717 12516 5056717 5056716 https://download.microsoft.com/download/74eaf1bd-a1d3-4b8b-a688-dd1857c0a61c/Dynamics.365.BC.32409.US.DVD.zip 12515 Maybe Security Update 23.18.32409 https://support.microsoft.com/en-us/help/5056716 12515 5056716 5056718 https://download.microsoft.com/download/cd199d92-3b8f-4c03-935f-23f6636e5229/Dynamics.365.BC.32556.US.DVD.zip 12514 Maybe Security Update 25.6.32556 https://support.microsoft.com/en-us/help/5056718 12514 5056718 Release Notes https://download.microsoft.com/download/840ce874-dbc3-430f-a17e-6ed5d9d465bf/Dynamics.365.BC.32481.US.DVD.zip 12513 Maybe Security Update 26.0.32481 https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/whatsnew/whatsnew-update-26-0 12513 Release Notes Nicklas Broberg Larsson with Navigot AB 1.0 2025-04-08T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of April 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Is the updates for SharePoint Enterprise Server 2016 (KB5002692) currently available?</strong></p> <p>Yes. As of April 15, 2025, the security update (KB5002692) for SharePoint Enterprise Server 2016 is available. Customers running SharePoint Enterprise Server 2016 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Word Microsoft Yes CVE-2025-29820 Use After Free 10950 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 10950 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Important 10950 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10753 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 5002692 https://www.microsoft.com/en-us/download/details.aspx?id=108096 5002685 10950 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002692 10950 5002692 5002692 https://support.microsoft.com/help/5002692 10950 5002682 https://www.microsoft.com/en-us/download/details.aspx?id=108093 5002671 10950 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002682 10950 5002682 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.96.25041326 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002702 https://www.microsoft.com/en-us/download/details.aspx?id=108098 5002662 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002702 10753 10754 5002702 Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-10T07:00:00 <p>Revised CVE to inform customers that security update 5002692 is temporarily unavailable following some reports that the update can't be installed. We are currently investigating the issue and will notify customers via a revision to this CVE information when the issue is resolved.</p> 3.0 2025-04-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> 4.0 2025-04-15T07:00:00 <p>The security update for SharePoint Enterprise Server 2016 (KB5002692) is now available. See the Security Updates table for more information.</p> Microsoft OneNote Security Feature Bypass Vulnerability <p>Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft OneNote and then click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of April 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office OneNote Microsoft Yes CVE-2025-29822 Incomplete List of Disallowed Inputs 11573 11574 11762 11763 11952 11953 12468 12420 12421 10762 10763 12440 11951 Security Feature Bypass 11573 Security Feature Bypass 11574 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 11952 Security Feature Bypass 11953 Security Feature Bypass 12468 Security Feature Bypass 12420 Security Feature Bypass 12421 Security Feature Bypass 10762 Security Feature Bypass 10763 Security Feature Bypass 12440 Security Feature Bypass 11951 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12468 Important 12420 Important 12421 Important 10762 Important 10763 Important 12440 Important 11951 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12468 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 12468 Yes Security Update 16.96.25033028 https://go.microsoft.com/fwlink/p/?linkid=831049 12468 Release Notes 5002622 https://www.microsoft.com/en-us/download/details.aspx?id=108107 4484434 10762 10763 Maybe Security Update 16.0.5495.1001 https://support.microsoft.com/help/5002622 10762 10763 5002622 Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 12440 11951 Maybe Security Update 16.96.25041326 https://go.microsoft.com/fwlink/p/?linkid=831049 12440 11951 Release Notes Daniel Weglowski 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-29823 Use After Free 11762 11763 Remote Code Execution 11762 Remote Code Execution 11763 Important 11762 Important 11763 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 Click to Run 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 Click to Run f4 &amp; Zhiniang Peng with HUST 1.0 2025-04-08T07:00:00 <p>Information published.</p> 1.1 2025-05-13T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Common Log File System Driver Microsoft Yes CVE-2025-29824 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12437 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12242 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12243 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12244 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12389 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12390 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12436 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9312 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10287 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9318 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9344 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10051 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10049 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Microsoft Threat Intelligence Center 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Microsoft DWM Core Library Elevation of Privilege Vulnerability <p>Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2025-24074 Improper Input Validation 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 YanZiShuang@BigCJTeam of cyberkl 1.0 2025-04-08T07:00:00 <p>Information published.</p> Microsoft DWM Core Library Elevation of Privilege Vulnerability <p>Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows DWM Core Library Microsoft Yes CVE-2025-24073 Improper Input Validation 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 YanZiShuang@BigCJTeam of cyberkl Microsoft Offensive Research &amp; Security Engineering (MORSE) with Microsoft 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Microsoft Power Automate Desktop Information Disclosure Vulnerability <p>Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p> Power Automate Microsoft Yes CVE-2025-29817 Uncontrolled Search Path Element 12410 Information Disclosure 12410 Important 12410 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12410 Release Notes https://apps.microsoft.com/detail/9nftch6j7fhv?launch=true&mode=full&hl=en-us&gl=us&ocid=bingwebsearch 12410 Maybe Security Update 2.51.349.24355 https://apps.microsoft.com/detail/9nftch6j7fhv?launch=true&mode=full&hl=en-us&gl=us&ocid=bingwebsearch 12410 Release Notes <a href="https://www.linkedin.com/in/tobias-diehl-19ba901b5/">Tobias Diehl</a> with <a href="https://umpquabank.com/">Umpqua Bank</a> <a href="https://twitter.com/20brokensp">Sam Pope</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2025-04-15T07:00:00 <p>Information published.</p> Windows Standards-Based Storage Management Service Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.</p> Windows Standards-Based Storage Management Service Microsoft Yes CVE-2025-21174 Uncontrolled Resource Consumption 11571 11572 11923 11924 12437 12436 10816 10855 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12437 Denial of Service 12436 Denial of Service 10816 Denial of Service 10855 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12436 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Microsoft SMIS Team <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with HUST and wh1tc with kunlun lab 1.1 2025-04-11T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 1.2 2025-05-20T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> 1.3 2025-05-30T07:00:00 <p>In the Security Updates table, corrected the Download and Article links for Windows Server 2012 R2 and Windows Server 2012 R2 (Server Core installation). This is an informational change only.</p> Windows NTFS Information Disclosure Vulnerability <p>Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability includes unauthorized access to the file system, specifically file path information.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows NTFS Microsoft Yes CVE-2025-21197 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12436 12437 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Information Disclosure 12436 Information Disclosure 12437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12436 Important 12437 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12389 12390 12436 12437 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12389 12390 12436 12437 5055523 5055523 https://support.microsoft.com/help/5055523 12389 12390 12436 12437 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <p>The following mitigating factors might be helpful in your situation:</p> <p>To mitigate against possible application compatibility risks, the fix to address this vulnerability has been released as <strong>disabled</strong> by default. However, administrators have been given the ability to enable this behavior if needed through a registry key. For specific instructions on how administrators can enable this behavior, please see the following article: <a href="https://support.microsoft.com/help/5058189">https://support.microsoft.com/help/5058189</a></p> S&#233;bastien Huneault with <a href="https://cyberquebec.org/">CyberQu&#233;bec</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability <p>Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Local Security Authority (LSA) Microsoft Yes CVE-2025-21191 Time-of-check Time-of-use (TOCTOU) Race Condition 12436 12437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 12436 Elevation of Privilege 12437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 12436 Important 12437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12436 12437 12389 12390 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12436 12437 12389 12390 5055523 5055523 https://support.microsoft.com/help/5055523 12436 12437 12389 12390 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Microsoft Offensive Research &amp; Security Engineering with Microsoft 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Telephony Service Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows Telephony Service Microsoft Yes CVE-2025-21205 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Floriel (EPIN) 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-21203 Buffer Over-read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Process Activation Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker who successfully exploits this vulnerability gains the ability to perform and/or manipulate file management operations on the victim machine in the context of the NT AUTHORITY\SYSTEM account.</p> <p><strong>Does installing the Windows security updates that address this CVE cause visible change on devices?</strong></p> <p>After installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device. <strong>This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device.</strong> This behavior is part of changes that increase protection and does not require any action from IT admins and end users.</p> <p><strong>What remediation steps do I need to take to protect myself with regard to the %systemroot%\inetpub directory?</strong></p> <p>For systems with KB5055528 installed and %systemroot%\inetpub directory intact, no additional action is required.</p> <p>For systems with KB5055528 installed but %systemroot%\inetpub directory deleted, immediate remediation is required. If the inetpub directory has been deleted, you need to run the remediation script <a href="https://www.powershellgallery.com/packages/">Set-InetpubFolderAcl.ps1</a>.</p> <p>This script will:</p> <ol> <li>Recreate the inetpub directory if it has been deleted.</li> <li>Ensure that the directory permissions are correctly configured to prevent unauthorized access and potential vulnerabilities related to CVE-2025-21204.</li> <li>Update ACLs for the DeviceHealthAttestation directory, if it exists. This directory was created on certain Server versions by the February 2025 security updates. The script will update the ACLs for the DeviceHealthAttestation directory to ensure it is secure.</li> </ol> Windows Update Stack Microsoft Yes CVE-2025-21204 Improper Link Resolution Before File Access ('Link Following') 12436 12437 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 12436 Elevation of Privilege 12437 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 12436 Important 12437 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12436 12437 12389 12390 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12436 12437 12389 12390 5055523 5055523 https://support.microsoft.com/help/5055523 12436 12437 12389 12390 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/crispr56338851">BochengXiang(@Crispr)</a> with <a href="https://secsys.fudan.edu.cn/">FDU</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> 2.1 2025-04-10T07:00:00 <p>Added FAQ to explain that after installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device. <strong>This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device.</strong> This behavior is part of changes that increase protection and does not require any action from IT admins and end users. This is an informational change only.</p> 2.2 2025-06-04T07:00:00 <p>Added an FAQ to explain the remediation steps customers need to take to be protected from CVE-2025-21204. This includes a link to a script to aid in completing the remediation steps. This is an informational change only.</p> Windows Telephony Service Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> Windows Telephony Service Microsoft Yes CVE-2025-21221 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Floriel (EPIN) 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Telephony Service Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> Windows Telephony Service Microsoft Yes CVE-2025-21222 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Floriel (EPIN) 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p>Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2025-24058 Improper Input Validation 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 YanZiShuang@BigCJTeam of cyberkl 1.0 2025-04-08T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.3179.54</td> <td>4/3/2025</td> <td>135.0.7049.41/.42/.52</td> </tr> </tbody> </table> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2025-25000 Access of Resource Using Incompatible Type ('Type Confusion') 11655 Remote Code Execution 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 135.0.3179.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://x.com/eternalsakura13">Nan Wang(@eternalsakura13)</a> 1.0 2025-04-03T07:00:00 <p>Information published.</p> 1.1 2025-04-18T07:00:00 <p>Corrected Build Number in the Security Updates table. This is an informational change only.</p> Microsoft Edge for iOS Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This vulnerability requires that a user have multiple browser instances open of the affected version of Microsoft Edge (Chromium-based), one of which is a specially crafted website hosted by the attacker. The user would need to access the URL of the malicious website and then click a popup displayed on that site.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>132.0.2957.118</td> <td>1/20/2025</td> <td>132.0.6834.84</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2025-25001 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11966 Spoofing 11966 Low 11966 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11966 Release Notes 11966 No Security Update 132.0.2957.118 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11966 Release Notes <a href="https://www.instagram.com/zaid_ghiffarii/">MUHAMMAD ZAID GHIFARI</a> with <a href="https://www.instagram.com/sobatcyberid/">KALIMANTAN UTARA</a> 1.0 2025-04-03T07:00:00 <p>Information published.</p> Azure Local Cluster Information Disclosure Vulnerability <p>Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is user tokens and other potentially sensitive information.</p> <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> Azure Local Cluster Microsoft Yes CVE-2025-25002 Insertion of Sensitive Information into Log File 12503 Information Disclosure 12503 Important 12503 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12503 Release Notes https://github.com/Azure/AzureLocal-Supportability/blob/main/TSG/Observability/Upgrading-the-TelemetryAndDiagnostics-ARC-Extension-to-Version-2.0.16.0-or-Later.md 12503 Maybe Security Update 2411.2 https://github.com/Azure/AzureLocal-Supportability/blob/main/TSG/Observability/Upgrading-the-TelemetryAndDiagnostics-ARC-Extension-to-Version-2.0.16.0-or-Later.md 12503 Release Notes Alex Stanescu with Microsoft Derek Chu and Alex Stanescu with Microsoft 1.0 2025-04-08T07:00:00 <p>Information published.</p> Azure Local Cluster Information Disclosure Vulnerability <p>Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is device information such as a token, credentials, resource ids, sas tokens, user properties, and other sensitive information.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view sensitive information, such as a token and credential in this scenario (Confidentiality) and make changes to disclosed information (Integrity), and they might be able to force a crash within the service (Availability).</p> Azure Local Cluster Microsoft Yes CVE-2025-26628 Insufficiently Protected Credentials 12503 Information Disclosure 12503 Important 12503 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 12503 Release Notes https://github.com/Azure/AzureLocal-Supportability/blob/main/TSG/Observability/Upgrading-the-TelemetryAndDiagnostics-ARC-Extension-to-Version-2.0.16.0-or-Later.md 12503 Maybe Security Update 2411.2 https://github.com/Azure/AzureLocal-Supportability/blob/main/TSG/Observability/Upgrading-the-TelemetryAndDiagnostics-ARC-Extension-to-Version-2.0.16.0-or-Later.md 12503 Release Notes Vani Nadh Koyi with Microsoft Vijay Chegu with Microsoft Dan DeFolo with Microsoft 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows USB Print Driver Elevation of Privilege Vulnerability <p>Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows USB Print Driver Microsoft Yes CVE-2025-26639 Integer Overflow or Wraparound Heap-based Buffer Overflow 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Hello Security Feature Bypass Vulnerability <p>Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the Windows Hello security feature.</p> <p><strong>Where can I find more information about Windows Hello?</strong></p> <p>Please see <a href="https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello">Windows Hello | Microsoft Learn</a> for more details.</p> Windows Hello Microsoft Yes CVE-2025-26635 Weak Authentication 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12244 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 Eduardo Barrera with Microsoft 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows BitLocker Security Feature Bypass Vulnerability <p>Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2025-26637 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://www.julian-lemmerich.de/">Julian Lemmerich</a> with <a href="https://www.cirosec.de/">cirosec GmbH</a> <a href="https://www.linkedin.com/in/lukas-dusold-660554347">Lukas Dusold</a> with <a href="https://www.cirosec.de/">cirosec GmbH</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Microsoft Office Remote Code Execution Vulnerability <p>Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of April 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Microsoft Yes CVE-2025-26642 Out-of-bounds Read Integer Overflow or Wraparound 10836 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 10753 10754 10751 10752 Remote Code Execution 10836 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 10751 Remote Code Execution 10752 Important 10836 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Important 10753 Important 10754 Important 10751 Important 10752 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10751 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10752 5002699 https://www.microsoft.com/en-us/download/details.aspx?id=108106 5002690 10836 Maybe Security Update 16.0.10417.20003 https://support.microsoft.com/help/5002699 10836 5002699 5002691 https://www.microsoft.com/en-us/download/details.aspx?id=108095 5002678 11585 Maybe Security Update 16.0.10417.20003 https://support.microsoft.com/help/5002691 11585 5002691 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.96.25041326 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002704 https://www.microsoft.com/en-us/download/details.aspx?id=108099 5002696 10739 10740 Maybe Security Update 16.0.5495.1000 https://support.microsoft.com/help/5002704 10739 10740 5002704 5002588 https://www.microsoft.com/en-us/download/details.aspx?id=108097 5002115 10753 10754 Maybe Security Update 16.0.5495.1000 https://support.microsoft.com/help/5002588 10753 10754 5002588 5002703 https://www.microsoft.com/en-us/download/details.aspx?id=108108 5002694 10753 10754 Maybe Security Update 16.0.5495.1000 https://support.microsoft.com/help/5002703 10753 10754 5002703 5002701 https://www.microsoft.com/en-us/download/details.aspx?id=108105 5002697 10751 10752 Maybe Security Update 16.0.5495.1000 https://support.microsoft.com/kb/5002701 10751 10752 5002701 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Windows Digital Media Elevation of Privilege Vulnerability <p>Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker with low integrity level privileges who successfully exploited this vulnerability could gain medium integrity level privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Digital Media Microsoft Yes CVE-2025-26640 Use After Free Double Free 11568 11569 11571 11572 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows Cryptographic Services Microsoft Yes CVE-2025-26641 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Hello Spoofing Vulnerability <p>Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.</p> Windows Hello Microsoft Yes CVE-2025-26644 Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations 11568 11569 11571 11572 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12389 12390 12436 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 12242 Spoofing 12243 Spoofing 12389 Spoofing 12390 Spoofing 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11568 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11569 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11571 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11572 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11929 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11930 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 11931 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12085 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12086 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12097 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12098 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12099 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12437 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12242 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12243 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12389 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12390 5.1 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12436 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 Hu Bowen with <a href="https://ntu.edu.sg/">Nanyang Technological University</a> Wang Kuo with <a href="https://ntu.edu.sg/">Nanyang Technological University</a> Chang Chip-Hong with <a href="https://ntu.edu.sg/">Nanyang Technological University</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2025-26648 Sensitive Data Storage in Improperly Locked Memory Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Secure Channel Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain domain administrator privileges.</p> Windows Secure Channel Microsoft Yes CVE-2025-26649 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11923 11924 12085 12086 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Kerberos Elevation of Privilege Vulnerability <p>Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could be assigned much greater rights by the Key Distribution Center to the certificate than intended.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability by obtaining a certificate containing the target Subject Key Identifier (SKI) value from a Certificate Authority (CA). The attacker could then use this certificate to get a Ticket Granting Ticket (TGT) for the target user from the Key Distribution Center (KDC).</p> Windows Kerberos Microsoft Yes CVE-2025-26647 Improper Input Validation 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 12437 Elevation of Privilege 12244 Elevation of Privilege 12436 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <p>To help protect your environment and prevent outages, we recommend the following steps:</p> <ul> <li>UPDATE all Windows computers and domain controllers with a Windows update released on or after April 8, 2025.</li> <li>MONITOR audit events that will be visible in Audit mode to identify all devices that are not updated.</li> <li>ENABLE Enforcement mode once your environment is no longer using certificates issued by authorities that are not in the NTAuth store.</li> </ul> <p>For more information, please review: <a href="https://support.microsoft.com/help/5057784">https://support.microsoft.com/help/5057784</a>.</p> <a href="https://linkedin.com/in/virot">Oscar Virot</a> with <a href="https://toriv.com/">Toriv AB</a> 1.1 2025-04-10T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Local Session Manager (LSM) Denial of Service Vulnerability <p>Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.</p> Windows Local Session Manager (LSM) Microsoft Yes CVE-2025-26651 Exposed Dangerous Method or Function 11923 11924 12085 12086 12437 12242 12243 12244 12389 12390 12436 Denial of Service 11923 Denial of Service 11924 Denial of Service 12085 Denial of Service 12086 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Important 11923 Important 11924 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 <a href="https://www.linkedin.com/in/remco-vandermeer/">Remco van der Meer</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Standards-Based Storage Management Service Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.</p> Windows Standards-Based Storage Management Service Microsoft Yes CVE-2025-26652 Uncontrolled Resource Consumption 11571 11572 11923 11924 12437 12436 10816 10855 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12437 Denial of Service 12436 Denial of Service 10816 Denial of Service 10855 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12436 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability <p>Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could sequentially send specially crafted requests to a vulnerable LDAP server. Successful exploitation could result in a use after free which could be leveraged to achieve remote code execution.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2025-26670 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Remote Desktop Services Remote Code Execution Vulnerability <p>Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.</p> Windows Remote Desktop Services Microsoft Yes CVE-2025-26671 Use After Free Sensitive Data Storage in Improperly Locked Memory 11571 11572 11923 11924 12437 12244 12436 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 ʌ!ɔ⊥ojv with Kunlun Lab 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Media Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Media Microsoft Yes CVE-2025-26674 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-26672 Buffer Over-read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous with Codesafe Team of Legendsec at QI-ANXIN Group 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2025-26673 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> <a href="https://www.linkedin.com/in/or-yair">Or Yair</a> and Shahak Morag with <a href="https://www.safebreach.com/">SafeBreach</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> 2.1 2025-05-13T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> Windows Subsystem for Linux Elevation of Privilege Vulnerability <p>Out-of-bounds read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Subsystem for Linux Microsoft Yes CVE-2025-26675 Out-of-bounds Read 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-26676 Buffer Over-read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Defender Application Control Security Feature Bypass Vulnerability <p>Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could bypass Windows Defender Application Control (WDAC) enforcement. This could lead to the ability to run unauthorized applications on target systems.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by launching any executable that is allowed to launch by a per process rule. Once that executable is validly launched by the correct process, any restrictions on the executable are lifted; and it can be executed outside of the correct process. This bypasses the application control policy entirely</p> Windows Defender Application Control (WDAC) Microsoft Yes CVE-2025-26678 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 Deven Bowers with Microsoft 1.0 2025-04-08T07:00:00 <p>Information published.</p> RPC Endpoint Mapper Service Elevation of Privilege Vulnerability <p>Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could execute code in the security context of the “NT AUTHORITY\Network Service” account.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> RPC Endpoint Mapper Service Microsoft Yes CVE-2025-26679 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com/">Hillstone Networks</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows LDAP - Lightweight Directory Access Protocol Microsoft Yes CVE-2025-27469 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Standards-Based Storage Management Service Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.</p> Windows Standards-Based Storage Management Service Microsoft Yes CVE-2025-27485 Uncontrolled Resource Consumption 11571 11572 11923 11924 12437 12436 10816 10855 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12437 Denial of Service 12436 Denial of Service 10816 Denial of Service 10855 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12436 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability <p>Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows Universal Plug and Play (UPnP) Device Host Microsoft Yes CVE-2025-27484 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Remote Desktop Services Remote Code Execution Vulnerability <p>Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Remote Desktop Gateway Service Microsoft Yes CVE-2025-27480 Use After Free 11571 11572 11923 11924 12437 12244 12436 10816 10855 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 12437 Critical 12244 Critical 12436 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 ʌ!ɔ⊥ojv with Kunlun Lab 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Telephony Service Remote Code Execution Vulnerability <p>Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Telephony Service Microsoft Yes CVE-2025-27481 Stack-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Remote Desktop Services Remote Code Execution Vulnerability <p>Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.</p> Remote Desktop Gateway Service Microsoft Yes CVE-2025-27482 Sensitive Data Storage in Improperly Locked Memory 11571 11572 11923 11924 12437 12244 12436 10816 10855 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 12437 Critical 12244 Critical 12436 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 ʌ!ɔ⊥ojv with Kunlun Lab bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> NTFS Elevation of Privilege Vulnerability <p>Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows NTFS Microsoft Yes CVE-2025-27483 Out-of-bounds Read 11568 11569 11571 11572 10729 10735 10852 10853 10816 10855 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://infosec.exchange/@wdormann">Will Dormann</a> with <a href="https://vu.ls/">Vul Labs</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Remote Desktop Client Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires a user to remote into a server that is controlled by an attacker, which could then allow the server to execute a command on the user's machine without their consent. This scenario assumes that the user has the ability to remote into the server and that the server has been compromised to execute such commands upon connection.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Remote Desktop Client Microsoft Yes CVE-2025-27487 Heap-based Buffer Overflow 12457 11568 11569 11571 11572 11849 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 12457 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11849 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 12457 Important 11568 Important 11569 Important 11571 Important 11572 Important 11849 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12457 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11849 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 Release Notes https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Maybe Security Update 2.0.379.0 https://learn.microsoft.com/en-us/windows-app/whats-new?toc=admins%2Ftoc.json&tabs=windows 12457 Release Notes 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 Release Notes https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1260810 11849 Maybe Security Update 1.2.6081.0 https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-1260810 11849 Release Notes 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Josh Watson with Microsoft Nicholas Vadasz with Microsoft Philemon Orphee Favrod with Microsoft 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Azure Local Elevation of Privilege Vulnerability <p>Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges would an attacker gain by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could load a non-Microsoft DLL into an enclave, potentially leading to code execution within the context of the target enclave.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Azure Local Microsoft Yes CVE-2025-27489 Improper Input Validation 12426 12427 Elevation of Privilege 12426 Elevation of Privilege 12427 Important 12426 Important 12427 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12426 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12427 5055526 https://support.microsoft.com/en-us/topic/release-notes-for-azure-stack-hci-version-22h2-fea63106-a0a9-4b6c-bb72-a07985c98a56 12426 Yes Security Update 10.0.20348.3328 https://support.microsoft.com/help/5055526 12426 5055526 Release Notes https://learn.microsoft.com/en-us/azure-stack/hci/update/about-updates-23h2 12427 Yes Security Update 10.0.25398.1486 https://learn.microsoft.com/en-us/azure/azure-local/release-information-23h2?view=azloc-2503 12427 Release Notes Microsoft Offensive Research &amp; Security Engineering 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Standards-Based Storage Management Service Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.</p> Windows Standards-Based Storage Management Service Microsoft Yes CVE-2025-27486 Uncontrolled Resource Consumption 11571 11572 11923 11924 12437 12436 10816 10855 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12437 Denial of Service 12436 Denial of Service 10816 Denial of Service 10855 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12436 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12436 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10816 10855 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Secure Channel Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain domain administrator privileges.</p> Windows Secure Channel Microsoft Yes CVE-2025-27492 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11923 11924 12085 12086 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Hyper-V Remote Code Execution Vulnerability <p>Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with guest privileges must send a victim a malicious site and convince them to open it.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Hyper-V Microsoft Yes CVE-2025-27491 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 Chief Banana 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Bluetooth Service Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could create or delete files in the security context of the “NT AUTHORITY\ LOCAL SERVICE” account.</p> Windows Bluetooth Service Microsoft Yes CVE-2025-27490 Heap-based Buffer Overflow Out-of-bounds Read 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 Erik Peterson with Microsoft Corporation Robert Zhao and Erik Peterson with Microsoft Corporation 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Installer Elevation of Privilege Vulnerability <p>Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Installer Microsoft Yes CVE-2025-27727 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://twitter.com/sim0nsecurity">Simon (@sim0nsecurity)</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Shell Remote Code Execution Vulnerability <p>Use after free in Windows Shell allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Windows Shell Microsoft Yes CVE-2025-27729 Use After Free 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12389 12390 12436 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 Zhiniang Peng with HUST Ver Lewis Lee 1.1 2025-04-17T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Kernel-Mode Driver Elevation of Privilege Vulnerability <p>Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel-Mode Drivers Microsoft Yes CVE-2025-27728 Out-of-bounds Read 12437 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability <p>Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> OpenSSH for Windows Microsoft Yes CVE-2025-27731 Improper Input Validation 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 <a href="https://bsky.app/profile/jborean.bsky.social">Jordan Borean</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Digital Media Elevation of Privilege Vulnerability <p>Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.</p> Windows Digital Media Microsoft Yes CVE-2025-27730 Use After Free Double Free 11568 11569 11571 11572 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37)</a> and Dongjun Kim (smlijun) with Ajou University, and working at <a href="https://www.enki.co.kr/">ENKI WhiteHat</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 1.1 2025-04-10T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p>Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Win32K - GRFX Microsoft Yes CVE-2025-27732 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-10T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> NTFS Elevation of Privilege Vulnerability <p>Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows NTFS Microsoft Yes CVE-2025-27733 Out-of-bounds Read 11568 11569 11571 11572 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 <a href="https://infosec.exchange/@wdormann">Will Dormann</a> with <a href="https://vu.ls/">Vul Labs</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability <p>Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the <a href="https://learn.microsoft.com/windows-hardware/design/device-experiences/oem-vbs">Virtualization-based Security</a> feature.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows Virtualization-Based Security (VBS) Enclave Microsoft Yes CVE-2025-27735 Insufficient Verification of Data Authenticity 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12244 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 6.0 5.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Power Dependency Coordinator Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows Power Dependency Coordinator Microsoft Yes CVE-2025-27736 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 Microsoft Offensive Research &amp; Security Engineering 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Security Zone Mapping Security Feature Bypass Vulnerability <p>Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> <p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2?</strong></p> <p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p> <p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A URL path could be constructed by an attacker in such a way that the URL’s Zone is interpreted as belonging to a more privileged zone</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Windows Security Zone Mapping Microsoft Yes CVE-2025-27737 Improper Input Validation 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.6 7.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055515 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055515 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Yes IE Cumulative 1.000 https://support.microsoft.com/en-us/help/5055515 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 5055515 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Ben Faull with Microsoft 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Resilient File System (ReFS) Information Disclosure Vulnerability <p>Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability includes unauthorized access to the file system, specifically file path information.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Windows Resilient File System (ReFS) Microsoft Yes CVE-2025-27738 Improper Access Control 11931 12243 12244 12099 11929 12389 12390 12436 12097 12242 12098 12437 10729 10735 10852 10853 11924 11923 10855 10816 12085 12086 11930 11568 11571 10483 10543 10378 10379 11569 11572 Information Disclosure 11931 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12099 Information Disclosure 11929 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 12097 Information Disclosure 12242 Information Disclosure 12098 Information Disclosure 12437 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 11924 Information Disclosure 11923 Information Disclosure 10855 Information Disclosure 10816 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 11930 Information Disclosure 11568 Information Disclosure 11571 Information Disclosure 10483 Information Disclosure 10543 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 11569 Information Disclosure 11572 Important 11931 Important 12243 Important 12244 Important 12099 Important 11929 Important 12389 Important 12390 Important 12436 Important 12097 Important 12242 Important 12098 Important 12437 Important 10729 Important 10735 Important 10852 Important 10853 Important 11924 Important 11923 Important 10855 Important 10816 Important 12085 Important 12086 Important 11930 Important 11568 Important 11571 Important 10483 Important 10543 Important 10378 Important 10379 Important 11569 Important 11572 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11931 11929 11930 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11931 11929 11930 5055518 5055518 https://support.microsoft.com/help/5055518 11931 12099 11929 12097 12098 11930 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12243 12242 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12243 12242 5055528 5055528 https://support.microsoft.com/help/5055528 12243 12242 12085 12086 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12099 12097 12098 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12099 12097 12098 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12389 12390 12436 12437 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12389 12390 12436 12437 5055523 5055523 https://support.microsoft.com/help/5055523 12389 12390 12436 12437 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10855 10816 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10855 10816 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10855 10816 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11924 11923 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11924 11923 5055526 5055526 https://support.microsoft.com/help/5055526 11924 11923 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11571 11569 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11571 11569 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11571 11569 11572 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 <p>The following mitigating factors might be helpful in your situation:</p> <p>To mitigate against possible application compatibility risks, the fix to address this vulnerability has been released as <strong>disabled</strong> by default. However, administrators have been given the ability to enable this behavior if needed through a registry key. For specific instructions on how administrators can enable this behavior, please see the following article: <a href="https://support.microsoft.com/help/5058189">https://support.microsoft.com/help/5058189</a></p> S&#233;bastien Huneault with <a href="https://cegepoutaouais.qc.ca/">C&#233;gep de l&#39;Outaouais</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could an attacker gain?</strong></p> <p>An authenticated attacker could elevate privileges to Secure Kernel.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. The attacker could then run a specially crafted application to overwrite the page table data meant for the kernel.</p> Windows Kernel Microsoft Yes CVE-2025-27739 Untrusted Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 Maxime Villard, of M.O.R.S.E. 1.0 2025-04-08T07:00:00 <p>Information published.</p> Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability <p>Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain the privileges of the authenticated user.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L), privileges are low (PR:L), and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires an authenticated attacker to place a specially crafted .dll file in a local network location. When a victim runs this file, it loads the malicious DLL.</p> Visual Studio Tools for Applications and SQL Server Management Studio Microsoft Yes CVE-2025-29803 Uncontrolled Search Path Element 12533 12534 12537 12538 12536 Elevation of Privilege 12533 Elevation of Privilege 12534 Elevation of Privilege 12537 Elevation of Privilege 12538 Elevation of Privilege 12536 Important 12533 Important 12534 Important 12537 Important 12538 Important 12536 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12533 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12534 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12537 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12538 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12536 Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=58317&msockid=25abd48859306f62096bc0a9588a6e01 12533 Maybe Security Update 16.0.35907.0 https://www.microsoft.com/en-us/download/details.aspx?id=58317&msockid=25abd48859306f62096bc0a9588a6e01 12533 Release Notes Release Notes https://www.microsoft.com/en-ie/download/details.aspx?id=105123&msockid=25abd48859306f62096bc0a9588a6e01 12534 Maybe Security Update 17.0.35906.0 https://www.microsoft.com/en-ie/download/details.aspx?id=105123&msockid=25abd48859306f62096bc0a9588a6e01 12534 Release Notes Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=105122&msockid=25abd48859306f62096bc0a9588a6e01 12537 Maybe Security Update 17.0.35906.0 https://www.microsoft.com/en-us/download/details.aspx?id=105122&msockid=25abd48859306f62096bc0a9588a6e01 12537 Release Notes Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=105122&msockid=25abd48859306f62096bc0a9588a6e01 12538 Maybe Security Update 16.0.35907.0 https://www.microsoft.com/en-us/download/details.aspx?id=105122&msockid=25abd48859306f62096bc0a9588a6e01 12538 Release Notes Release Notes https://aka.ms/ssmsfullsetup 12536 Maybe Security Update 20.2.37.0 https://learn.microsoft.com/en-us/ssms/release-notes-ssms#previous-ssms-releases 12536 Release Notes <a href="https://medium.com/@spoppi">Sandro Poppi</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability <p>Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain ROOT privileges.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft AutoUpdate (MAU) Microsoft Yes CVE-2025-29800 Improper Privilege Management 10949 Elevation of Privilege 10949 Important 10949 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10949 MAU https://go.microsoft.com/fwlink/p/?linkid=830196 10949 Yes Security Update 4.78 https://support.office.com/en-us/article/Check-for-Office-for-Mac-updates-automatically-bfd1e497-c24d-4754-92ab-910a4074d7c1 10949 MAU Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Visual Studio Elevation of Privilege Vulnerability <p>Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain the privileges of the authenticated user.</p> Visual Studio Microsoft Yes CVE-2025-29802 Uncontrolled Search Path Element 12271 12322 12459 Elevation of Privilege 12271 Elevation of Privilege 12322 Elevation of Privilege 12459 Important 12271 Important 12322 Important 12459 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12322 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12459 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.20 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.7 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Polar Penguin 1.0 2025-04-08T07:00:00 <p>Information published.</p> Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability <p>Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain ROOT privileges.</p> Microsoft AutoUpdate (MAU) Microsoft Yes CVE-2025-29801 Incorrect Default Permissions 10949 Elevation of Privilege 10949 Important 10949 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10949 MAU https://go.microsoft.com/fwlink/p/?linkid=830196 10949 Yes Security Update 4.78 https://support.office.com/en-us/article/Check-for-Office-for-Mac-updates-automatically-bfd1e497-c24d-4754-92ab-910a4074d7c1 10949 MAU Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Visual Studio Elevation of Privilege Vulnerability <p>Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain the privileges of the authenticated user.</p> Visual Studio Microsoft Yes CVE-2025-29804 Improper Access Control 12506 12459 12271 12322 Elevation of Privilege 12506 Elevation of Privilege 12459 Elevation of Privilege 12271 Elevation of Privilege 12322 Important 12506 Important 12459 Important 12271 Important 12322 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12506 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12459 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12322 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.13 12506 Maybe Security Update 17.13.6 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12506 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.7 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.20 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Polar Penguin 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Kerberos Security Feature Bypass Vulnerability <p>Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Are there any additional steps that I need to follow to be protected from this vulnerability?</strong></p> <p>The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in <a href="https://support.microsoft.com/help/5042562">Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates</a> has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Windows Defender Credential Guard Feature to leak Kerberos credentials.</p> Windows Kerberos Microsoft Yes CVE-2025-29809 Insecure Storage of Sensitive Information 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12437 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 11568 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 11569 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 11571 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 11572 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 11923 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 11924 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 11929 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 11930 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 11931 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 12085 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 12086 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 12097 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 12098 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 12099 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 12437 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 12242 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 12243 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 12244 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 12389 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 12390 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 12436 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 10729 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 10735 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 10852 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 10853 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 10816 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RC:C 10855 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 <a href="https://x.com/_ethicalchaos_">Ceri Coburn</a> with <a href="https://www.netspi.com/">NetSPI</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> Windows Cryptographic Services Information Disclosure Vulnerability <p>Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Cryptographic Services Microsoft Yes CVE-2025-29808 Use of a Cryptographic Primitive with a Risky Implementation 11923 11924 Information Disclosure 11923 Information Disclosure 11924 Important 11923 Important 11924 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 1.0 2025-04-08T07:00:00 <p>Information published.</p> Outlook for Android Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could read targeted email messages.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Outlook for Android Microsoft Yes CVE-2025-29805 Exposure of Sensitive Information to an Unauthorized Actor 10685 Information Disclosure 10685 Important 10685 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10685 Release Notes https://play.google.com/store/apps/details/Microsoft_Outlook?id=com.microsoft.office.outlook&hl=en_US&pli=1 10685 Maybe Security Update 4.2509.0 https://learn.microsoft.com/en-us/officeupdates/release-notes-outlook-mobile 10685 Release Notes <a href="https://linkedin.com/in/valsamaras">Dimitrios Valsamaras</a> with <a href="https://microsoft.com/">Microsoft</a> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Active Directory Domain Services Elevation of Privilege Vulnerability <p>Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?</strong></p> <p>Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.</p> Active Directory Domain Services Microsoft Yes CVE-2025-29810 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055609 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055609 5053888 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23220 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055609 5055609 https://support.microsoft.com/help/5055609 9312 10287 9318 9344 5055596 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055596 9312 10287 9318 9344 Yes Security Only 6.0.6003.23220 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055596 5055596 https://support.microsoft.com/help/5055596 9312 10287 9318 9344 5055561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055561 5053620 10051 10049 Yes Monthly Rollup 6.1.7601.27670 https://support.microsoft.com/help/5055561 10051 10049 5055561 5055570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055570 10051 10049 Yes Security Only 6.1.7601.27670 https://support.microsoft.com/help/5055570 10051 10049 5055570 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 Matthieu Buffet 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-09T07:00:00 <p>The security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems are now available. See the Security Updates table for more information.</p> DirectX Graphics Kernel Elevation of Privilege Vulnerability <p>Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Memory Microsoft Yes CVE-2025-29812 Untrusted Pointer Dereference 11923 11924 12085 12086 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 Micky Thongam - HackSys Inc working with Trend Micro Zero Day Initiative 1.0 2025-04-08T07:00:00 <p>Information published.</p> Microsoft Word Security Feature Bypass Vulnerability <p>Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to bypass specific functionality of the Office Protected View.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of April 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Word Microsoft Yes CVE-2025-29816 Acceptance of Extraneous Untrusted Data With Trusted Data 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 10746 10747 Security Feature Bypass 11573 Security Feature Bypass 11574 Security Feature Bypass 11762 Security Feature Bypass 11763 Security Feature Bypass 11951 Security Feature Bypass 11952 Security Feature Bypass 11953 Security Feature Bypass 12420 Security Feature Bypass 12421 Security Feature Bypass 12440 Security Feature Bypass 10753 Security Feature Bypass 10754 Security Feature Bypass 10746 Security Feature Bypass 10747 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10753 Important 10754 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.96.25041326 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002700 https://www.microsoft.com/en-us/download/details.aspx?id=108094 5002693 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002700 10753 10754 5002700 5002700 https://support.microsoft.com/help/5002700 10753 10754 5002573 https://www.microsoft.com/en-us/download/details.aspx?id=108103 5002522 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002573 10753 10754 5002573 5002623 https://www.microsoft.com/en-us/download/details.aspx?id=108113 10753 10754 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002623 10753 10754 5002623 5002702 https://www.microsoft.com/en-us/download/details.aspx?id=108098 5002662 10746 10747 Maybe Security Update 16.0.5495.1002 https://support.microsoft.com/help/5002702 10746 10747 5002702 Felix Boulet 1.0 2025-04-08T07:00:00 <p>Information published.</p> 2.0 2025-04-15T07:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p>Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires an authenticated client to click a link so that an unauthenticated attacker can initiate remote code execution.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality), make changes to disclosed information (Integrity), and they might be able to force a crash within the browser tab (Availability).</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>134.0.3124.66</td> <td>3/12/2025</td> <td>134.0.6998.89</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2025-29815 Use After Free 11655 Remote Code Execution 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 134.0.3124.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://x.com/eternalsakura13">Nan Wang(@eternalsakura13)</a> 1.0 2025-04-03T07:00:00 <p>Information published.</p> Windows Admin Center in Azure Portal Information Disclosure Vulnerability <p>External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability includes unauthorized read-only access to the local file system.</p> Azure Portal Windows Admin Center Microsoft Yes CVE-2025-29819 External Control of File Name or Path 12518 11629 Information Disclosure 12518 Information Disclosure 11629 Important 12518 Important 11629 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12518 6.2 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11629 Release Notes https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm 12518 Maybe Security Update 0.45.0.0 https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/extension-release-notes 12518 Release Notes Release Notes https://info.microsoft.com/ww-landing-windows-admin-center.html 11629 Maybe Security Update 2.4.2.1 https://aka.ms/wac2410 11629 Release Notes Rodrigo D' Afonseca Silva, Pedro Henrique Pereira Souza, Lucas Luna Gomes Do Rosario, and Josè Acácio Dos Santos Costa cjm00n, wh1tc with Kunlun Lab & Zhiniang Peng with HUST Víctor A. Morales from GM Sectec, Inc. 1.1 2025-04-22T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> 1.2 2025-07-22T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Windows Mobile Broadband Driver Elevation of Privilege Vulnerability <p>Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Mobile Broadband Microsoft Yes CVE-2025-29811 Improper Input Validation Heap-based Buffer Overflow Out-of-bounds Read 12085 12086 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 Anonymous 1.0 2025-04-08T07:00:00 <p>Information published.</p> Chromium: CVE-2025-3066 Use after free in Site Isolation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.7049.85</td> <td>4/11/2025</td> <td>135.0.3179.73</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-3066 11655 11655 11655 Release Notes 11655 No Security Update 135.0.3179.73 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-04-03T17:47:15 <p>Information published.</p> 1.1 2025-04-11T07:00:00 <p>In the Security Updates table and FAQs updated the fixed build versions. Corrected CVE title. These are informational changes only.</p> Chromium: CVE-2025-3070 Insufficient validation of untrusted input in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.3179.54</td> <td>4/3/2025</td> <td>135.0.7049.41/.42/.52</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-3070 11655 11655 11655 Release Notes 11655 No Security Update 135.0.3179.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-04-03T17:47:26 <p>Information published.</p> Chromium: CVE-2025-3069 Inappropriate implementation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.3179.54</td> <td>4/3/2025</td> <td>135.0.7049.41/.42/.52</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-3069 11655 11655 11655 Release Notes 11655 No Security Update 135.0.3179.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-04-03T17:47:24 <p>Information published.</p> Chromium: CVE-2025-3068 Inappropriate implementation in Intents <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.3179.54</td> <td>4/3/2025</td> <td>135.0.7049.41/.42/.52</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-3068 11655 11655 11655 Release Notes 11655 No Security Update 135.0.3179.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-04-03T17:47:22 <p>Information published.</p> Chromium: CVE-2025-3067 Inappropriate implementation in Custom Tabs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.3179.54</td> <td>4/3/2025</td> <td>135.0.7049.41/.42/.52</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-3067 11655 11655 11655 Release Notes 11655 No Security Update 135.0.3179.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-04-03T17:47:20 <p>Information published.</p> Chromium: CVE-2025-3071 Inappropriate implementation in Navigations <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.3179.54</td> <td>4/3/2025</td> <td>135.0.7049.41/.42/.52</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-3071 11655 11655 11655 Release Notes 11655 No Security Update 135.0.3179.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-04-03T17:47:28 <p>Information published.</p> Chromium: CVE-2025-3072 Inappropriate implementation in Custom Tabs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.3179.54</td> <td>4/3/2025</td> <td>135.0.7049.41/.42/.52</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-3072 11655 11655 11655 Release Notes 11655 No Security Update 135.0.3179.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-04-03T17:47:31 <p>Information published.</p> Chromium: CVE-2025-3073 Inappropriate implementation in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.3179.54</td> <td>4/3/2025</td> <td>135.0.7049.41/.42/.52</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-3073 11655 11655 11655 Release Notes 11655 No Security Update 135.0.3179.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-04-03T17:47:33 <p>Information published.</p> Chromium: CVE-2025-3074 Inappropriate implementation in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.3179.54</td> <td>4/3/2025</td> <td>135.0.7049.41/.42/.52</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-3074 11655 11655 11655 Release Notes 11655 No Security Update 135.0.3179.54 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-04-03T17:47:35 <p>Information published.</p> Visual Studio Code Elevation of Privilege Vulnerability <p>Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could execute code in the context of another Visual Studio Code user on the vulnerable system.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality) and modify code in the repo, (Integrity), and they might be able to interfere with availability of the code (Availability).</p> Visual Studio Code Microsoft Yes CVE-2025-32726 Improper Access Control 11622 Elevation of Privilege 11622 Important 11622 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11622 Release Notes https://code.visualstudio.com/download 11622 Maybe Security Update 1.99.1 https://code.visualstudio.com/updates/v1_99 11622 Release Notes <a href="https://www.linkedin.com/in/ivanlepies/">Ivan Lepies</a> with <a href="https://www.istrosec.com/">IstroSec s.r.o.</a> <a href="https://kdsjzh.github.io/">Han Zheng</a> with <a href="https://hexhive.epfl.ch/">HexHive</a> 1.1 2025-07-03T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> 1.0 2025-04-08T07:00:00 <p>Information published.</p> Microsoft DWM Core Library Elevation of Privilege Vulnerability <p>Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2025-24060 Improper Input Validation 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 YanZiShuang@BigCJTeam of cyberkl 1.0 2025-04-08T07:00:00 <p>Information published.</p> Microsoft DWM Core Library Elevation of Privilege Vulnerability <p>Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2025-24062 Improper Input Validation 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12437 12389 12390 12436 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055523 5055523 https://support.microsoft.com/help/5055523 12437 12389 12390 12436 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 YanZiShuang@BigCJTeam of cyberkl 1.0 2025-04-08T07:00:00 <p>Information published.</p> ASP.NET Core and Visual Studio Denial of Service Vulnerability <p>Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.</p> ASP.NET Core Microsoft Yes CVE-2025-26682 Allocation of Resources Without Limits or Throttling 12256 12459 12506 12271 12322 12507 Denial of Service 12256 Denial of Service 12459 Denial of Service 12506 Denial of Service 12271 Denial of Service 12322 Denial of Service 12507 Important 12256 Important 12459 Important 12506 Important 12271 Important 12322 Important 12507 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12256 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12459 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12506 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12271 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12322 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12507 Release Notes https://dotnet.microsoft.com/download/dotnet/8.0 12256 Maybe Security Update 8.0.15 https://github.com/dotnet/announcements/issues/352 12256 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12 12459 Maybe Security Update 17.12.7 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12459 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.13 12506 Maybe Security Update 17.13.6 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12506 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.20 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://dotnet.microsoft.com/download/dotnet/9.0 12507 Maybe Security Update 9.0.4 https://github.com/dotnet/announcements/issues/352 12507 Release Notes James Newton-King with Microsoft James Newton-King with Microsoft 1.0 2025-04-08T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p>Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.</p> <p><strong>How could an attacker exploit this vulnerability via the Network?</strong></p> <p>An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.7049.85</td> <td>4/11/2025</td> <td>135.0.3179.73</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2025-29834 Out-of-bounds Read 11655 Remote Code Execution 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 134.0.3124.93 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://x.com/eternalsakura13">Nan Wang(@eternalsakura13)</a> 1.0 2025-04-11T07:00:00 <p>Information published.</p> Chromium: CVE-2025-3620 Use after free in USB <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.3179.85</td> <td>4/17/2025</td> <td>135.0.7049.96</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-3620 11655 11655 11655 Release Notes 11655 No Security Update 135.0.3179.85 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-04-17T21:43:04 <p>Information published.</p> Chromium: CVE-2025-3619 Heap buffer overflow in Codecs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%C2%A05">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>135.0.3179.85</td> <td>4/17/2025</td> <td>135.0.7049.96</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-3619 11655 11655 11655 Release Notes 11655 No Security Update 135.0.3179.85 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-04-17T21:42:59 <p>Information published.</p> Microsoft Dynamics Information Disclosure Vulnerability <p>Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Dynamics Microsoft No CVE-2025-30391 Improper Input Validation 16743 Information Disclosure 16743 Critical 16743 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16743 Anonymous 1.0 2025-04-30T07:00:00 <p>Information published.</p> Azure Bot Framework SDK Elevation of Privilege Vulnerability <p>Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Bot Framework SDK Microsoft No CVE-2025-30389 Improper Authorization 16740 Elevation of Privilege 16740 Critical 16740 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 8.7 7.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C 16740 Anonymous 1.0 2025-04-30T07:00:00 <p>Information published.</p> Azure Functions Remote Code Execution Vulnerability <p>Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Azure Functions Microsoft No CVE-2025-33074 Improper Verification of Cryptographic Signature 11795 Remote Code Execution 11795 Critical 11795 Publicly Disclosed:No;Exploited:No 7.5 6.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11795 Nick Wojciechowski 1.0 2025-04-30T07:00:00 <p>Information published.</p> Azure ML Compute Elevation of Privilege Vulnerability <p>Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Microsoft No CVE-2025-30390 Improper Authorization 12152 Elevation of Privilege 12152 Critical 12152 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12152 <a href="https://twitter.com/yanir_">Yanir Tsarimi</a> 1.0 2025-04-30T07:00:00 <p>Information published.</p> Azure AI Bot Elevation of Privilege Vulnerability <p>Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Bot Framework SDK Microsoft No CVE-2025-30392 Improper Authorization 16740 Elevation of Privilege 16740 Critical 16740 Publicly Disclosed:No;Exploited:No 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16740 Anonymous 1.0 2025-04-30T07:00:00 <p>Information published.</p> Azure Virtual Desktop Elevation of Privilege Vulnerability <p>Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Virtual Desktop Microsoft No CVE-2025-21416 Missing Authorization 16742 Elevation of Privilege 16742 Critical 16742 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 8.5 7.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C 16742 Anonymous 1.0 2025-04-30T07:00:00 <p>Information published.</p>