August 2025 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2025-Aug 2025-Aug Final 1.0 450 2026-05-25T14:38:48 August 2025 Security Updates 2025-08-12T07:00:00 2026-05-25T14:38:48 <h2 id="this-release-consists-of-the-following-116-microsoft-cves">This release consists of the following 116 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24999">CVE-2025-24999</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-25005">CVE-2025-25005</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-25006">CVE-2025-25006</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-25007">CVE-2025-25007</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33051">CVE-2025-33051</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47954">CVE-2025-47954</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-48807">CVE-2025-48807</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Virtual Machines</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49707">CVE-2025-49707</a></td> <td>7.9</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49712">CVE-2025-49712</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49736">CVE-2025-49736</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49743">CVE-2025-49743</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics 365 (on-premises)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49745">CVE-2025-49745</a></td> <td>5.4</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49751">CVE-2025-49751</a></td> <td>6.8</td> <td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge for Android</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49755">CVE-2025-49755</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49757">CVE-2025-49757</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49758">CVE-2025-49758</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49759">CVE-2025-49759</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49761">CVE-2025-49761</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-49762">CVE-2025-49762</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Desktop Windows Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50153">CVE-2025-50153</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows File Explorer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50154">CVE-2025-50154</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notifications</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50155">CVE-2025-50155</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50156">CVE-2025-50156</a></td> <td>5.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50157">CVE-2025-50157</a></td> <td>5.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50158">CVE-2025-50158</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Access Point-to-Point Protocol (PPP) EAP-TLS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50159">CVE-2025-50159</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50160">CVE-2025-50160</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50161">CVE-2025-50161</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50162">CVE-2025-50162</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50163">CVE-2025-50163</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50164">CVE-2025-50164</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50165">CVE-2025-50165</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Distributed Transaction Coordinator</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50166">CVE-2025-50166</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50167">CVE-2025-50167</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - ICOMP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50168">CVE-2025-50168</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SMB</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50169">CVE-2025-50169</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50170">CVE-2025-50170</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Remote Desktop Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50171">CVE-2025-50171</a></td> <td>9.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DirectX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50172">CVE-2025-50172</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Installer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50173">CVE-2025-50173</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Graphics Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50176">CVE-2025-50176</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-50177">CVE-2025-50177</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Media</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53131">CVE-2025-53131</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53132">CVE-2025-53132</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PrintWorkflowUserSvc</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53133">CVE-2025-53133</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53134">CVE-2025-53134</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DirectX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53135">CVE-2025-53135</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NT OS Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53136">CVE-2025-53136</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53137">CVE-2025-53137</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53138">CVE-2025-53138</a></td> <td>5.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Kernel Transaction Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53140">CVE-2025-53140</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53141">CVE-2025-53141</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Brokering File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53142">CVE-2025-53142</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53143">CVE-2025-53143</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53144">CVE-2025-53144</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53145">CVE-2025-53145</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53147">CVE-2025-53147</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53148">CVE-2025-53148</a></td> <td>5.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Kernel Streaming WOW Thunk Service Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53149">CVE-2025-53149</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53151">CVE-2025-53151</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Desktop Windows Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53152">CVE-2025-53152</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53153">CVE-2025-53153</a></td> <td>5.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53154">CVE-2025-53154</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53155">CVE-2025-53155</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Storage Port Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53156">CVE-2025-53156</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Local Security Authority Subsystem Service (LSASS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53716">CVE-2025-53716</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53718">CVE-2025-53718</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53719">CVE-2025-53719</a></td> <td>5.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53720">CVE-2025-53720</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Connected Devices Platform Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53721">CVE-2025-53721</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53722">CVE-2025-53722</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53723">CVE-2025-53723</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notifications</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53724">CVE-2025-53724</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notifications</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53725">CVE-2025-53725</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Push Notifications</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53726">CVE-2025-53726</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53727">CVE-2025-53727</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics 365 (on-premises)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53728">CVE-2025-53728</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure File Sync</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53729">CVE-2025-53729</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Visio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53730">CVE-2025-53730</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53731">CVE-2025-53731</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53732">CVE-2025-53732</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53733">CVE-2025-53733</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Visio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53734">CVE-2025-53734</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53735">CVE-2025-53735</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53736">CVE-2025-53736</a></td> <td>6.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53737">CVE-2025-53737</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53738">CVE-2025-53738</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53739">CVE-2025-53739</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53740">CVE-2025-53740</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53741">CVE-2025-53741</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53759">CVE-2025-53759</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53760">CVE-2025-53760</a></td> <td>7.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office PowerPoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53761">CVE-2025-53761</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Databricks</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53763">CVE-2025-53763</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Stack</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53765">CVE-2025-53765</a></td> <td>4.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows GDI+</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53766">CVE-2025-53766</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure OpenAI</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53767">CVE-2025-53767</a></td> <td>10.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Security App</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53769">CVE-2025-53769</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Web Deploy</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53772">CVE-2025-53772</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>GitHub Copilot and Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53773">CVE-2025-53773</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft 365 Copilot's Business Chat</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53774">CVE-2025-53774</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTLM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53778">CVE-2025-53778</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kerberos</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53779">CVE-2025-53779</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Virtual Machines</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53781">CVE-2025-53781</a></td> <td>7.7</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Teams</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53783">CVE-2025-53783</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53784">CVE-2025-53784</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53786">CVE-2025-53786</a></td> <td>8.0</td> <td>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft 365 Copilot's Business Chat</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53787">CVE-2025-53787</a></td> <td>8.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Subsystem for Linux</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53788">CVE-2025-53788</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows StateRepository API</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53789">CVE-2025-53789</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Portal</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53792">CVE-2025-53792</a></td> <td>9.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Stack</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53793">CVE-2025-53793</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft PC Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-53795">CVE-2025-53795</a></td> <td>9.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Certificates</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55229">CVE-2025-55229</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MBT Transport driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55230">CVE-2025-55230</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Storage</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55231">CVE-2025-55231</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-16-non-microsoft-cves">We are republishing 16 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-8576">CVE-2025-8576</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-8577">CVE-2025-8577</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-8578">CVE-2025-8578</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-8579">CVE-2025-8579</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-8580">CVE-2025-8580</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-8581">CVE-2025-8581</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-8582">CVE-2025-8582</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-8583">CVE-2025-8583</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-8879">CVE-2025-8879</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-8880">CVE-2025-8880</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-8881">CVE-2025-8881</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-8882">CVE-2025-8882</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-8901">CVE-2025-8901</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-9132">CVE-2025-9132</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-9478">CVE-2025-9478</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>November 12, 2024</td> <td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td> </tr> <tr> <td>June 27, 2024</td> <td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td> </tr> <tr> <td>April 9, 2024</td> <td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td> </tr> <tr> <td>January 6, 2023</td> <td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5063888">5063888</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5063948">5063948</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5002769">5002769</a></td> <td>SharePoint Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5002771">5002771</a></td> <td>SharePoint Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5002773">5002773</a></td> <td>SharePoint Server Subscription Edition</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Microsoft Edge (Chromium-based) Microsoft Edge for Android Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for x64-based Systems Windows Server 2025 (Server Core installation) Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2025 Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Multimedia Redirection Installer Windows Security App Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Microsoft Exchange Server 2019 Cumulative Update 14 Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 15 Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Microsoft Dynamics 365 (on-premises) version 9.1 Microsoft SQL Server 2017 for x64-based Systems (GDR) Microsoft SQL Server 2019 for x64-based Systems (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft SQL Server 2022 for x64-based Systems (GDR) Microsoft SQL Server 2022 for x64-based Systems (CU 20) Microsoft SQL Server 2019 for x64-based Systems (CU 32) Azure File Sync v18 Azure File Sync v19 Azure File Sync v20 Azure File Sync v21 DCasv5-series Azure VM DCadsv5-series Azure VM ECasv5-series Azure VM ECadsv5-series Azure VM DCesv5-series - Azure VM DCedsv5-series Azure VM ECesv5-series Azure VM ECedsv5-series Azure VM NCCadsH100v5-series Azure VM Ecesv6-series Azure VM DCesv6-series Azure VM Microsoft Purview Data Governance Azure Stack Hub Azure Stack Hub 2408 Azure Stack Hub 2406 Azure Stack Hub 2501 Azure Portal Azure Open AI Microsoft Exchange Server Subscription Edition RTM Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Office Online Server Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC for Mac 2024 Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office for Android Microsoft Office for Universal Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Teams for Android Microsoft Teams for iOS Microsoft Teams for Desktop Microsoft Teams for Mac, New Edition Web Deploy 4.0 Microsoft Visual Studio 2022 version 17.14 Microsoft PC Manager Microsoft 365 Copilot's Business Chat Teams for D365 Remote Assist HoloLens Teams Panels Teams Phones Teams for D365 Guides Hololens Windows Subsystem for Linux (WSL2) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Windows Server 2016 Office Online Server Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Microsoft SQL Server 2017 for x64-based Systems (GDR) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Server 2019 Microsoft Edge (Chromium-based) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Edge for Android Microsoft SQL Server 2019 for x64-based Systems (GDR) Microsoft Teams for iOS Microsoft Dynamics 365 (on-premises) version 9.1 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Azure Stack Hub Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Teams for Android Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Windows Subsystem for Linux (WSL2) Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft SQL Server 2022 for x64-based Systems (GDR) Microsoft Office for Android Microsoft Office for Universal Microsoft Teams for Desktop Microsoft Teams for Mac, New Edition Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Azure Open AI Microsoft Exchange Server 2019 Cumulative Update 14 Azure File Sync v18 Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Windows Server 2025 Windows Server 2025 (Server Core installation) Microsoft Office LTSC for Mac 2024 Microsoft PC Manager Microsoft Exchange Server 2019 Cumulative Update 15 Azure File Sync v19 Azure File Sync v20 Windows Security App Microsoft Visual Studio 2022 version 17.14 Microsoft SQL Server 2019 for x64-based Systems (CU 32) Microsoft 365 Copilot's Business Chat Microsoft Exchange Server Subscription Edition RTM Microsoft SQL Server 2022 for x64-based Systems (CU 20) Web Deploy 4.0 DCasv5-series Azure VM DCadsv5-series Azure VM ECasv5-series Azure VM ECadsv5-series Azure VM Teams for D365 Remote Assist HoloLens Teams for D365 Guides Hololens Teams Panels Teams Phones DCesv5-series - Azure VM DCedsv5-series Azure VM ECesv5-series Azure VM ECedsv5-series Azure VM NCCadsH100v5-series Azure VM Azure File Sync v21 Azure Portal Azure Stack Hub 2501 Azure Stack Hub 2408 Azure Stack Hub 2406 DCesv6-series Azure VM Ecesv6-series Azure VM Microsoft Purview Data Governance azl3 kernel 6.6.96.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 iperf3 3.18-1 on CBL Mariner 2.0 azl3 iperf3 3.17.1-2 on Azure Linux 3.0 azl3 jx 3.10.182-1 on Azure Linux 3.0 azl3 libsndfile 1.2.2-3 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 jasper 4.2.1-2 on Azure Linux 3.0 azl3 libcontainers-common 20240213-3 on Azure Linux 3.0 cbl2 rpm-ostree 2022.1-7 on CBL Mariner 2.0 azl3 keras 3.3.3-2 on Azure Linux 3.0 azl3 packer 1.9.5-9 on Azure Linux 3.0 azl3 containerized-data-importer 1.57.0-14 on Azure Linux 3.0 azl3 ceph 18.2.2-10 on Azure Linux 3.0 cbl2 libssh 0.10.6-2 on CBL Mariner 2.0 cbl2 vim 9.1.1552-1 on CBL Mariner 2.0 azl3 postgresql 16.9-1 on Azure Linux 3.0 azl3 libxml2 2.11.5-6 on Azure Linux 3.0 azl3 libssh 0.10.6-2 on Azure Linux 3.0 azl3 vim 9.1.1552-1 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 cbl2 jx 3.2.236-21 on CBL Mariner 2.0 cbl2 edk2 20230301gitf80f052277c8-42 on CBL Mariner 2.0 cbl2 golang 1.18.8-8 on CBL Mariner 2.0 cbl2 libtiff 4.6.0-6 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-14 on CBL Mariner 2.0 cbl2 libcontainers-common 20210626-7 on CBL Mariner 2.0 azl3 nasm 2.16.01-1 on Azure Linux 3.0 cbl2 containerized-data-importer 1.55.0-23 on CBL Mariner 2.0 cbl2 skopeo 1.14.2-10 on CBL Mariner 2.0 azl3 nginx 1.25.4-4 on Azure Linux 3.0 cbl2 jasper 2.0.32-4 on CBL Mariner 2.0 cbl2 terraform 1.3.2-25 on CBL Mariner 2.0 azl3 skopeo 1.14.4-5 on Azure Linux 3.0 cbl2 packer 1.9.5-13 on CBL Mariner 2.0 azl3 qemu 8.2.0-17 on Azure Linux 3.0 cbl2 libsndfile 1.0.31-3 on CBL Mariner 2.0 cbl2 cmake 3.21.4-18 on CBL Mariner 2.0 cbl2 iperf3 3.18-1 on CBL Mariner 2.0 azl3 libtiff 4.6.0-7 on Azure Linux 3.0 cbl2 libssh 0.10.6-2 on CBL Mariner 2.0 azl3 cmake 3.30.3-8 on Azure Linux 3.0 cbl2 golang 1.22.7-4 on CBL Mariner 2.0 cbl2 reaper 3.1.1-19 on CBL Mariner 2.0 azl3 edk2 20240524git3e722403cd16-9 on Azure Linux 3.0 cbl2 hvloader 1.0.1-13 on CBL Mariner 2.0 azl3 golang 1.24.5-1 on Azure Linux 3.0 cbl2 nginx 1.22.1-13 on CBL Mariner 2.0 azl3 golang 1.23.11-1 on Azure Linux 3.0 azl3 bison 3.8.2-1 on Azure Linux 3.0 azl3 cairo 1.18.0-1 on Azure Linux 3.0 cbl2 libxml2 2.10.4-8 on CBL Mariner 2.0 cbl2 nasm 2.16-1 on CBL Mariner 2.0 cbl2 jq 1.6-4 on CBL Mariner 2.0 cbl2 vim 9.1.1552-1 on CBL Mariner 2.0 azl3 aide 0.18.6-1 on Azure Linux 3.0 cbl2 aide 0.16-16 on CBL Mariner 2.0 cbl2 postgresql 14.18-1 on CBL Mariner 2.0 cbl2 helm 3.14.2-7 on CBL Mariner 2.0 azl3 iperf3 3.17.1-3 on Azure Linux 3.0 azl3 libglvnd 1.7.0-3 on Azure Linux 3.0 cbl2 libsndfile 1.0.31-4 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-15 on CBL Mariner 2.0 cbl2 edk2 20230301gitf80f052277c8-43 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-14 on CBL Mariner 2.0 cbl2 golang 1.22.7-5 on CBL Mariner 2.0 cbl2 kata-containers 3.2.0.azl2-7 on CBL Mariner 2.0 cbl2 kata-containers-cc 3.2.0.azl2-8 on CBL Mariner 2.0 cbl2 libtiff 4.6.0-8 on CBL Mariner 2.0 cbl2 iperf3 3.18-2 on CBL Mariner 2.0 cbl2 jasper 2.0.32-5 on CBL Mariner 2.0 cbl2 nginx 1.22.1-14 on CBL Mariner 2.0 cbl2 helm 3.14.2-8 on CBL Mariner 2.0 cbl2 containerized-data-importer 1.55.0-24 on CBL Mariner 2.0 cbl2 jx 3.2.236-22 on CBL Mariner 2.0 cbl2 packer 1.9.5-14 on CBL Mariner 2.0 cbl2 skopeo 1.14.2-11 on CBL Mariner 2.0 cbl2 terraform 1.3.2-26 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-2 on Azure Linux 3.0 azl3 libtiff 4.6.0-8 on Azure Linux 3.0 azl3 cmake 3.30.3-9 on Azure Linux 3.0 azl3 kata-containers-cc 3.15.0.aks0-5 on Azure Linux 3.0 azl3 jasper 4.2.1-3 on Azure Linux 3.0 azl3 containerized-data-importer 1.57.0-15 on Azure Linux 3.0 azl3 jx 3.10.182-2 on Azure Linux 3.0 azl3 aide 0.18.6-2 on Azure Linux 3.0 azl3 nginx 1.25.4-5 on Azure Linux 3.0 azl3 apparmor 3.1.7-1 on Azure Linux 3.0 cbl2 cairo 1.17.4-3 on CBL Mariner 2.0 Multimedia Redirection Installer cbl2 cri-o 1.22.3-16 on CBL Mariner 2.0 cbl2 cmake 3.21.4-19 on CBL Mariner 2.0 cbl2 helm 3.14.2-9 on CBL Mariner 2.0 cbl2 libtiff 4.6.0-9 on CBL Mariner 2.0 cbl2 aide 0.16-17 on CBL Mariner 2.0 cbl2 containerized-data-importer 1.55.0-25 on CBL Mariner 2.0 cbl2 jx 3.2.236-23 on CBL Mariner 2.0 cbl2 packer 1.9.5-15 on CBL Mariner 2.0 cbl2 skopeo 1.14.2-12 on CBL Mariner 2.0 cbl2 terraform 1.3.2-27 on CBL Mariner 2.0 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 azl3 ceph 18.2.2-11 on Azure Linux 3.0 azl3 packer 1.9.5-10 on Azure Linux 3.0 azl3 libtiff 4.6.0-10 on Azure Linux 3.0 azl3 containerized-data-importer 1.57.0-16 on Azure Linux 3.0 azl3 jx 3.10.182-3 on Azure Linux 3.0 azl3 skopeo 1.14.4-6 on Azure Linux 3.0 cbl2 libxml2 2.10.4-9 on CBL Mariner 2.0 cbl2 rust 1.72.0-11 on CBL Mariner 2.0 cbl2 libtiff 4.6.0-10 on CBL Mariner 2.0 cbl2 jq 1.6-5 on CBL Mariner 2.0 azl3 kernel 6.6.112.1-2 on Azure Linux 3.0 azl3 libxml2 2.11.5-7 on Azure Linux 3.0 cbl2 libtiff 4.6.0-11 on CBL Mariner 2.0 cbl2 reaper 3.1.1-21 on CBL Mariner 2.0 azl3 kata-containers 3.19.1.kata2-2 on Azure Linux 3.0 azl3 kernel 6.6.117.1-1 on Azure Linux 3.0 azl3 ceph 18.2.2-12 on Azure Linux 3.0 azl3 rust 1.75.0-22 on Azure Linux 3.0 azl3 libtiff 4.6.0-11 on Azure Linux 3.0 azl3 rpm-ostree 2024.4-5 on Azure Linux 3.0 azl3 rust 1.86.0-10 on Azure Linux 3.0 cbl2 reaper 3.1.1-22 on CBL Mariner 2.0 azl3 kernel 6.6.119.3-1 on Azure Linux 3.0 azl3 rust 1.90.0-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-3 on Azure Linux 3.0 azl3 kata-containers-cc 3.15.0.aks0-6 on Azure Linux 3.0 azl3 libxml2 2.11.5-8 on Azure Linux 3.0 azl3 kata-containers 3.19.1.kata2-3 on Azure Linux 3.0 azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 azl3 rust 1.75.0-24 on Azure Linux 3.0 azl3 rust 1.90.0-3 on Azure Linux 3.0 azl3 kata-containers 3.19.1.kata2-4 on Azure Linux 3.0 cbl2 rpm-ostree 2022.1-8 on CBL Mariner 2.0 cbl2 rust 1.72.0-13 on CBL Mariner 2.0 azl3 libsndfile 1.2.2-4 on Azure Linux 3.0 cbl2 libxml2 2.10.4-10 on CBL Mariner 2.0 cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0 cbl2 rust 1.72.0-14 on CBL Mariner 2.0 cbl2 libxml2 2.10.4-11 on CBL Mariner 2.0 cbl2 helm 3.14.2-10 on CBL Mariner 2.0 azl3 trident 0.21.0-1 on Azure Linux 3.0 azl3 kernel 6.6.126.1-1 on Azure Linux 3.0 azl3 rust 1.75.0-25 on Azure Linux 3.0 azl3 libxml2 2.11.5-9 on Azure Linux 3.0 azl3 libxml2 2.11.5-9 on Azure Linux 3.0 azl3 rust 1.90.0-4 on Azure Linux 3.0 azl3 kata-containers 3.19.1.kata2-6 on Azure Linux 3.0 azl3 rpm-ostree 2024.4-6 on Azure Linux 3.0 cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.130.1-3 on Azure Linux 3.0 azl3 nasm 2.16.01-2 on Azure Linux 3.0 cbl2 rust 1.72.0-15 on CBL Mariner 2.0 cbl2 nasm 2.16-2 on CBL Mariner 2.0 azl3 kata-containers 3.19.1.kata2-7 on Azure Linux 3.0 azl3 rpm-ostree 2024.4-8 on Azure Linux 3.0 azl3 kernel 6.6.134.1-2 on Azure Linux 3.0 azl3 kata-containers 3.19.1.kata3-1 on Azure Linux 3.0 azl3 jq 1.7.1-5 on Azure Linux 3.0 azl3 kernel 6.6.137.1-2 on Azure Linux 3.0 azl3 kernel 6.6.138.1-1 on Azure Linux 3.0 azl3 kernel 6.6.139.1-1 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-26819 Expected Behavior Violation 19531-17084 20342-17084 20442-17084 20564-17084 20730-17084 19531-17084 20342-17084 20442-17084 20564-17084 20730-17084 Low 19531-17084 Low 20342-17084 Low 20442-17084 Low 20564-17084 Low 20730-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 19531-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20342-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20442-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20564-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20730-17084 CBL-Mariner Releases 20342-17084 No Security Update 1.7.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20342-17084 CBL-Mariner Releases 2.0 2025-12-07T01:44:25 <p>Information published.</p> 2.1 2026-02-21T03:31:58 <p>Information published.</p> 1.0 2025-08-07T00:00:00 <p>Information published.</p> In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-54351 Unprotected Alternate Channel 20101-17086 17144-17086 17526-17084 20101-17086 17144-17086 17526-17084 20101-17086 Important 17144-17086 Important 17526-17084 8.9 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L 20101-17086 8.9 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L 17144-17086 8.9 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L 17526-17084 2.0 2026-02-21T04:25:41 <p>Information published.</p> 1.0 2025-09-03T21:50:16 <p>Information published.</p> LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-9165 Missing Release of Memory after Effective Lifetime 20104-17084 20397-17086 19773-17086 20415-17084 20104-17084 20397-17086 19773-17086 20415-17084 20104-17084 Moderate 20397-17086 19773-17086 Moderate 20415-17084 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P 20104-17084 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P 20397-17086 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P 19773-17086 5.5 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P 20415-17084 CBL-Mariner Releases 20104-17084 20397-17086 19773-17086 20415-17084 No Security Update 4.6.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20104-17084 20397-17086 19773-17086 20415-17084 CBL-Mariner Releases 1.0 2025-09-03T21:50:43 <p>Information published.</p> libtiff tiff2ps tiff2ps.c PS_Lvl2page null pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8534 NULL Pointer Dereference 20397-17086 20104-17084 19773-17086 20397-17086 20104-17084 19773-17086 Low 20397-17086 Low 20104-17084 19773-17086 2.5 2.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 20397-17086 2.5 2.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20104-17084 2.5 2.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U 19773-17086 CBL-Mariner Releases 20397-17086 No Security Update 4.6.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20397-17086 CBL-Mariner Releases CBL-Mariner Releases 20104-17084 19773-17086 No Security Update 4.6.0-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20104-17084 19773-17086 CBL-Mariner Releases 1.1 2026-02-21T04:25:59 <p>Information published.</p> 1.0 2025-09-03T21:53:12 <p>Information published.</p> Libssh: write beyond bounds in binary to base64 conversion functions <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2025-4877 Out-of-bounds Write 20111-17086 19623-17084 19574-17086 20111-17086 19623-17084 19574-17086 20111-17086 Moderate 19623-17084 Moderate 19574-17086 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 20111-17086 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 19623-17084 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 19574-17086 1.0 2025-09-03T21:53:59 <p>Information published.</p> 2.0 2026-02-21T04:23:45 <p>Information published.</p> cmake cmForEachCommand.cxx ReplayItems assertion <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-9301 Reachable Assertion 20047-17086 20119-17084 20529-17086 20416-17084 20047-17086 20119-17084 20529-17086 20416-17084 Low 20047-17086 20119-17084 Low 20529-17086 Low 20416-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20047-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20119-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20529-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20416-17084 CBL-Mariner Releases 20047-17086 20529-17086 No Security Update 3.21.4-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20047-17086 20529-17086 CBL-Mariner Releases CBL-Mariner Releases 20119-17084 20416-17084 No Security Update 3.30.3-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20119-17084 20416-17084 CBL-Mariner Releases 1.0 2025-09-03T21:58:03 <p>Information published.</p> SMM IDT Privilege Escalation Vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner TianoCore Yes CVE-2025-3770 Protection Mechanism Failure 20128-17084 20035-17084 19733-17086 19662-17086 17093-17086 20132-17086 20377-17086 20378-17086 20128-17084 20035-17084 19733-17086 19662-17086 17093-17086 20132-17086 20377-17086 20378-17086 Moderate 20128-17084 Important 20035-17084 19733-17086 19662-17086 Important 17093-17086 20132-17086 Moderate 20377-17086 Moderate 20378-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20128-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20035-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19733-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19662-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17093-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20132-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20377-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20378-17086 CBL-Mariner Releases 20128-17084 No Security Update 20240524git3e722403cd16-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20128-17084 CBL-Mariner Releases CBL-Mariner Releases 19733-17086 20377-17086 No Security Update 20230301gitf80f052277c8-43 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19733-17086 20377-17086 CBL-Mariner Releases CBL-Mariner Releases 20132-17086 20378-17086 No Security Update 1.0.1-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20132-17086 20378-17086 CBL-Mariner Releases 2.0 2026-02-21T04:26:39 <p>Information published.</p> 1.0 2025-09-03T22:07:10 <p>Information published.</p> Missing type checks leading to hash rewind and passing on crafted data <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner harborist Yes CVE-2025-9288 Improper Input Validation 20124-17086 20776-17086 20697-17086 20124-17086 20776-17086 20697-17086 Important 20124-17086 Important 20776-17086 Important 20697-17086 7.7 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H/E:P 20124-17086 7.7 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H/E:P 20776-17086 7.7 7.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H/E:P 20697-17086 1.0 2025-09-03T22:01:56 <p>Information published.</p> 2.0 2025-12-06T14:37:29 <p>Information published.</p> 3.0 2026-01-03T01:37:40 <p>Information published.</p> regulator: core: fix NULL dereference on unbind due to stale coupling data <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38668 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Moderate 17087-17086 Important 20412-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2026-01-10T01:02:01 <p>Information published.</p> 1.0 2025-09-03T22:04:02 <p>Information published.</p> 3.0 2026-02-24T14:35:41 <p>Information published.</p> gfs2: No more self recovery <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38659 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:09:04 <p>Information published.</p> 3.0 2025-12-03T01:38:39 <p>Information published.</p> 2.0 2025-11-27T01:04:45 <p>Information published.</p> wifi: mac80211: reject TDLS operations when station is not associated <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38644 Use of Uninitialized Resource 19683-17084 20925-17086 21093-17086 20412-17084 17087-17086 19683-17084 20925-17086 21093-17086 20412-17084 17087-17086 19683-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:11:23 <p>Information published.</p> 3.0 2026-03-03T14:50:22 <p>Information published.</p> 4.0 2026-03-31T15:05:39 <p>Information published.</p> 2.0 2026-01-08T01:02:42 <p>Information published.</p> [ceph] parse_longname(): strrchr() expects NUL-terminated string <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38660 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20860-17084 20956-17084 21094-17084 21248-17084 20788-17084 20823-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20860-17084 20956-17084 21094-17084 21248-17084 20788-17084 20823-17084 21308-17084 21332-17084 21344-17084 19683-17084 Important 20412-17084 Important 20553-17084 Important 20613-17084 Important 20725-17084 Important 20860-17084 Important 20956-17084 Important 21094-17084 Important 21248-17084 Important 20788-17084 Important 20823-17084 Important 21308-17084 Important 21332-17084 Moderate 21344-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20860-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20956-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21094-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21248-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20823-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21308-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21332-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T22:14:03 <p>Information published.</p> 2.0 2025-12-07T01:48:19 <p>Information published.</p> 3.0 2026-01-08T14:44:57 <p>Information published.</p> 4.0 2026-01-20T14:39:21 <p>Information published.</p> 5.0 2026-02-21T04:25:40 <p>Information published.</p> 6.0 2026-03-04T14:36:22 <p>Information published.</p> 7.0 2026-03-31T14:49:03 <p>Information published.</p> 8.0 2026-04-29T14:39:50 <p>Information published.</p> 11.1 2026-05-22T01:46:23 <p>Information published.</p> 9.0 2026-05-06T14:52:34 <p>Information published.</p> 10.0 2026-05-11T01:50:52 <p>Information published.</p> 11.0 2026-05-17T14:52:03 <p>Information published.</p> i2c: qup: jump out of the loop in case of timeout <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38671 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Moderate 17087-17086 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:19:35 <p>Information published.</p> 2.0 2026-01-10T01:02:06 <p>Information published.</p> 3.0 2026-02-24T14:35:48 <p>Information published.</p> GNU Bison obprintf.c __obstack_vprintf_internal assertion <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8733 Reachable Assertion 20154-17084 20154-17084 Moderate 20154-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 20154-17084 1.0 2025-09-03T22:20:27 <p>Information published.</p> vsock: Do not allow binding to VMADDR_PORT_ANY <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38618 Use After Free 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Important 17087-17086 19683-17084 Important 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:21:41 <p>Information published.</p> 2.0 2026-01-09T01:05:47 <p>Information published.</p> 3.0 2026-02-24T14:44:35 <p>Information published.</p> GNU Bison scan-code.c code_free double free <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8734 Double Free 20154-17084 20154-17084 Moderate 20154-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 20154-17084 1.0 2025-09-03T22:23:02 <p>Information published.</p> f2fs: fix to avoid out-of-boundary access in devs.path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38652 Out-of-bounds Read 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Important 17087-17086 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:24:43 <p>Information published.</p> 2.0 2026-01-09T01:06:31 <p>Information published.</p> net: drop UFO packets in udp_rcv_segment() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38622 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T22:26:54 <p>Information published.</p> 2.0 2026-01-09T01:05:56 <p>Information published.</p> 3.0 2026-02-24T14:44:41 <p>Information published.</p> Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-50422 Reachable Assertion 20172-17084 20461-17086 20172-17084 20461-17086 Low 20172-17084 Low 20461-17086 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20172-17084 2.9 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20461-17086 1.0 2025-09-03T22:28:31 <p>Information published.</p> f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38627 20412-17084 20553-17084 20613-17084 20725-17084 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 2.0 2025-12-07T01:48:38 <p>Information published.</p> 1.0 2025-09-03T22:29:12 <p>Information published.</p> 3.0 2026-01-07T14:35:33 <p>Information published.</p> JasPer Image Color Space Conversion jas_image.c jas_image_chclrspc null pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8835 NULL Pointer Dereference 20427-17084 17754-17084 20427-17084 17754-17084 Low 20427-17084 17754-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20427-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 17754-17084 CBL-Mariner Releases 20427-17084 17754-17084 No Security Update 4.2.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20427-17084 17754-17084 CBL-Mariner Releases 1.0 2025-09-03T22:30:59 <p>Information published.</p> fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38630 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T22:31:45 <p>Information published.</p> 2.0 2026-01-08T01:02:22 <p>Information published.</p> 3.0 2026-02-24T14:42:23 <p>Information published.</p> JasPer JPEG2000 Encoder jpc_enc.c jpc_floorlog2 assertion <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8836 Reachable Assertion 17754-17084 19910-17086 20427-17084 20400-17086 17754-17084 19910-17086 20427-17084 20400-17086 17754-17084 19910-17086 Moderate 20427-17084 Moderate 20400-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 17754-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 19910-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20427-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C 20400-17086 CBL-Mariner Releases 17754-17084 20427-17084 No Security Update 4.2.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17754-17084 20427-17084 CBL-Mariner Releases CBL-Mariner Releases 19910-17086 20400-17086 No Security Update 2.0.32-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19910-17086 20400-17086 CBL-Mariner Releases 1.0 2025-09-03T22:35:09 <p>Information published.</p> rv: Use strings in da monitors tracepoints <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38636 Out-of-bounds Read 20412-17084 20553-17084 20613-17084 20725-17084 20823-17084 20956-17084 21094-17084 21248-17084 19683-17084 20788-17084 20860-17084 21308-17084 21332-17084 21344-17084 20412-17084 20553-17084 20613-17084 20725-17084 20823-17084 20956-17084 21094-17084 21248-17084 19683-17084 20788-17084 20860-17084 21308-17084 21332-17084 21344-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 19683-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 21344-17084 1.0 2025-09-03T22:36:50 <p>Information published.</p> 2.0 2025-12-07T01:49:07 <p>Information published.</p> 4.0 2026-01-20T14:39:32 <p>Information published.</p> 5.0 2026-02-21T03:15:05 <p>Information published.</p> 6.0 2026-03-04T14:36:30 <p>Information published.</p> 7.0 2026-03-31T14:49:27 <p>Information published.</p> 8.0 2026-04-29T14:40:03 <p>Information published.</p> 10.0 2026-05-11T01:51:01 <p>Information published.</p> 11.1 2026-05-22T01:46:31 <p>Information published.</p> 3.0 2026-01-08T14:45:06 <p>Information published.</p> 9.0 2026-05-06T14:52:42 <p>Information published.</p> 11.0 2026-05-17T14:52:12 <p>Information published.</p> JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8837 Use After Free 17754-17084 19910-17086 20400-17086 20427-17084 17754-17084 19910-17086 20400-17086 20427-17084 17754-17084 19910-17086 Moderate 20400-17086 Moderate 20427-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 17754-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 19910-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20400-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20427-17084 CBL-Mariner Releases 17754-17084 20427-17084 No Security Update 4.2.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17754-17084 20427-17084 CBL-Mariner Releases CBL-Mariner Releases 19910-17086 20400-17086 No Security Update 2.0.32-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19910-17086 20400-17086 CBL-Mariner Releases 1.0 2025-09-03T22:40:08 <p>Information published.</p> f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38626 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:39:41 <p>Information published.</p> 2.0 2025-11-28T01:02:06 <p>Information published.</p> 3.0 2025-12-03T01:38:53 <p>Information published.</p> netfilter: xt_nfacct: don't assume acct name is null-terminated <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38639 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T22:42:39 <p>Information published.</p> 2.0 2026-01-08T01:02:37 <p>Information published.</p> 3.0 2026-02-24T14:42:37 <p>Information published.</p> Keras safe_mode bypass allows arbitrary code execution when loading a malicious model. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2025-8747 Deserialization of Untrusted Data 19276-17084 19276-17084 Important 19276-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19276-17084 CBL-Mariner Releases 19276-17084 No Security Update 3.3.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19276-17084 CBL-Mariner Releases 1.0 2025-09-03T22:43:52 <p>Information published.</p> 1.1 2026-02-21T03:12:49 <p>Information published.</p> hfsplus: remove mutex_lock check in hfsplus_free_extents <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38650 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:46:10 <p>Information published.</p> 2.0 2026-01-09T01:06:22 <p>Information published.</p> 3.0 2026-01-13T01:38:45 <p>Information published.</p> clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38499 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Moderate 17087-17086 8.2 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 19683-17084 8.2 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T22:46:59 <p>Information published.</p> 3.0 2026-02-24T14:42:08 <p>Information published.</p> 2.0 2026-01-08T01:02:06 <p>Information published.</p> spi: stm32: Check for cfg availability in stm32_spi_probe <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38648 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:48:28 <p>Information published.</p> libxml2 xmlcatalog xmlParseSGMLCatalog recursion <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8732 Uncontrolled Recursion 19618-17084 20622-17084 20825-17084 20901-17086 20960-17084 20212-17086 20604-17086 20940-17086 20961-17084 19618-17084 20622-17084 20825-17084 20901-17086 20960-17084 20212-17086 20604-17086 20940-17086 20961-17084 Low 19618-17084 Low 20622-17084 Low 20825-17084 Low 20901-17086 Low 20960-17084 Low 20212-17086 Low 20604-17086 Low 20940-17086 Low 20961-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C 19618-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C 20622-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C 20825-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C 20901-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C 20960-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C 20212-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C 20604-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C 20940-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C 20961-17084 CBL-Mariner Releases 20825-17084 20960-17084 20961-17084 No Security Update 2.11.5-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20825-17084 20960-17084 20961-17084 CBL-Mariner Releases CBL-Mariner Releases 20901-17086 20940-17086 No Security Update 2.10.4-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20901-17086 20940-17086 CBL-Mariner Releases 1.0 2025-09-03T22:52:04 <p>Information published.</p> 2.0 2026-01-20T14:38:28 <p>Information published.</p> 6.0 2026-03-04T14:35:40 <p>Information published.</p> 7.0 2026-03-05T01:03:00 <p>Information published.</p> 3.0 2026-02-21T03:15:40 <p>Information published.</p> 4.0 2026-02-23T14:35:17 <p>Information published.</p> 5.0 2026-03-03T14:39:09 <p>Information published.</p> nilfs2: reject invalid file types when reading inodes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38663 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:51:05 <p>Information published.</p> 3.0 2026-01-13T01:38:52 <p>Information published.</p> 2.0 2026-01-09T01:06:39 <p>Information published.</p> PCI: pnv_php: Fix surprise plug detection and recovery <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38623 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:54:25 <p>Information published.</p> 2.0 2026-01-09T01:06:04 <p>Information published.</p> 3.0 2026-01-13T01:38:38 <p>Information published.</p> NASM Netwide Assember preproc.c do_directive use after free <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8842 Use After Free 20220-17086 19796-17084 17667-17084 21114-17086 21097-17084 19668-17086 20220-17086 19796-17084 17667-17084 21114-17086 21097-17084 19668-17086 Moderate 20220-17086 Moderate 19796-17084 Moderate 17667-17084 Moderate 21114-17086 Moderate 21097-17084 Moderate 19668-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 20220-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 19796-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 17667-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 21114-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 21097-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 19668-17086 2.0 2026-03-31T14:43:52 <p>Information published.</p> 1.0 2025-09-03T23:00:16 <p>Information published.</p> 1.1 2026-02-21T03:18:11 <p>Information published.</p> vfio/pds: Fix missing detach_ioas op <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38625 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:57:09 <p>Information published.</p> ice: Fix a null pointer dereference in ice_copy_and_init_pkg() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38664 NULL Pointer Dereference 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T23:00:09 <p>Information published.</p> 2.0 2026-01-09T01:06:48 <p>Information published.</p> 3.0 2026-02-24T14:44:55 <p>Information published.</p> clk: davinci: Add NULL check in davinci_lpsc_clk_register() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38635 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T23:03:17 <p>Information published.</p> 3.0 2026-02-24T14:42:30 <p>Information published.</p> 2.0 2026-01-08T01:02:32 <p>Information published.</p> NASM Netwide Assember outmacho.c macho_no_dead_strip heap-based overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8843 Heap-based Buffer Overflow 20220-17086 17667-17084 21114-17086 19668-17086 19796-17084 21097-17084 20220-17086 17667-17084 21114-17086 19668-17086 19796-17084 21097-17084 Moderate 20220-17086 Moderate 17667-17084 Moderate 21114-17086 Moderate 19668-17086 Moderate 19796-17084 Moderate 21097-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 20220-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 17667-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 21114-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 19668-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 19796-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 21097-17084 2.0 2026-03-31T14:44:27 <p>Information published.</p> 1.0 2025-09-03T23:08:17 <p>Information published.</p> 1.1 2026-02-21T03:20:37 <p>Information published.</p> PCI: pnv_php: Clean up allocated IRQs on unplug <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38624 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T23:05:30 <p>Information published.</p> 3.0 2026-01-13T01:37:43 <p>Information published.</p> 2.0 2026-01-08T01:02:17 <p>Information published.</p> bpf: Disable migration in nf_hook_run_bpf(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38640 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T23:09:33 <p>Information published.</p> NASM Netwide Assember preproc.c parse_smacro_template null pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8844 NULL Pointer Dereference 19668-17086 19796-17084 17667-17084 21114-17086 21097-17084 20220-17086 19668-17086 19796-17084 17667-17084 21114-17086 21097-17084 20220-17086 Moderate 19668-17086 Moderate 19796-17084 Moderate 17667-17084 Moderate 21114-17086 Moderate 21097-17084 Moderate 20220-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 19668-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 19796-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 17667-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 21114-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 21097-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 20220-17086 1.0 2025-09-03T23:16:28 <p>Information published.</p> 1.1 2026-02-21T03:23:06 <p>Information published.</p> 2.0 2026-03-31T14:45:03 <p>Information published.</p> power: supply: cpcap-charger: Fix null check for power_supply_get_by_name <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38634 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T23:12:01 <p>Information published.</p> 3.0 2026-01-13T01:37:50 <p>Information published.</p> 2.0 2026-01-08T01:02:27 <p>Information published.</p> wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38646 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T23:14:25 <p>Information published.</p> wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38643 19683-17084 20412-17084 20613-17084 20725-17084 20925-17086 21093-17086 20553-17084 17087-17086 19683-17084 20412-17084 20613-17084 20725-17084 20925-17086 21093-17086 20553-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 20553-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-09-03T23:17:01 <p>Information published.</p> 3.0 2025-12-07T01:49:15 <p>Information published.</p> 5.0 2026-03-03T14:57:27 <p>Information published.</p> 6.0 2026-03-31T15:08:25 <p>Information published.</p> 2.0 2025-12-03T01:02:08 <p>Information published.</p> 4.0 2026-01-07T14:35:40 <p>Information published.</p> xfrm: interface: fix use-after-free after changing collect_md xfrm interface <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38500 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Important 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T23:19:48 <p>Information published.</p> arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38670 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T23:20:26 <p>Information published.</p> net/mlx5: Check device memory pointer before usage <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38645 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T23:23:33 <p>Information published.</p> 2.0 2026-01-09T01:06:13 <p>Information published.</p> 3.0 2026-02-24T14:44:48 <p>Information published.</p> tls: handle data disappearing from under the TLS ULP <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38616 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T23:26:07 <p>Information published.</p> LibTIFF tiffcrop tiffcrop.c readSeparateStripsetoBuffer stack-based overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8851 Stack-based Buffer Overflow 20104-17084 19773-17086 20397-17086 20415-17084 20104-17084 19773-17086 20397-17086 20415-17084 20104-17084 19773-17086 Moderate 20397-17086 Moderate 20415-17084 5.3 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C 20104-17084 5.3 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C 19773-17086 5.3 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C 20397-17086 5.3 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C 20415-17084 CBL-Mariner Releases 20104-17084 19773-17086 20397-17086 20415-17084 No Security Update 4.6.0-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20104-17084 19773-17086 20397-17086 20415-17084 CBL-Mariner Releases 1.0 2025-09-03T23:29:23 <p>Information published.</p> net: appletalk: Fix use-after-free in AARP proxy probe <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38666 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Important 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T23:29:24 <p>Information published.</p> 3.0 2026-02-24T14:45:01 <p>Information published.</p> 2.0 2026-01-09T01:07:06 <p>Information published.</p> NASM Netwide Assember nasm.c assemble_file stack-based overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8845 Stack-based Buffer Overflow 19796-17084 20220-17086 19668-17086 21114-17086 17667-17084 21097-17084 19796-17084 20220-17086 19668-17086 21114-17086 17667-17084 21097-17084 Moderate 19796-17084 Moderate 20220-17086 Moderate 19668-17086 Moderate 21114-17086 Moderate 17667-17084 Moderate 21097-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 19796-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 20220-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 19668-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 21114-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 17667-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 21097-17084 2.0 2026-03-31T14:45:44 <p>Information published.</p> 1.0 2025-09-03T23:38:10 <p>Information published.</p> 1.1 2026-02-21T03:28:16 <p>Information published.</p> A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-52194 Stack-based Buffer Overflow 20039-17086 17592-17084 20369-17086 20887-17084 20039-17086 17592-17084 20369-17086 20887-17084 20039-17086 Important 17592-17084 Important 20369-17086 Important 20887-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20039-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17592-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20369-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20887-17084 2.0 2026-02-18T14:05:25 <p>Information published.</p> 1.0 2025-09-03T23:34:47 <p>Information published.</p> jqlang jq JSON jq_test.c run_jq_tests assertion <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-9403 Reachable Assertion 20251-17086 20607-17086 21297-17084 20251-17086 20607-17086 21297-17084 Moderate 20251-17086 Moderate 20607-17086 Low 21297-17084 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 20251-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 20607-17086 3.3 3.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R 21297-17084 CBL-Mariner Releases 20251-17086 20607-17086 No Security Update 1.6-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20251-17086 20607-17086 CBL-Mariner Releases 1.0 2025-09-03T23:38:41 <p>Information published.</p> 2.0 2026-05-03T01:03:05 <p>Information published.</p> 3.0 2026-05-04T14:42:32 <p>Information published.</p> NASM Netwide Assember parser.c parse_line stack-based overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8846 Stack-based Buffer Overflow 21097-17084 21114-17086 19796-17084 17667-17084 20220-17086 19668-17086 21097-17084 21114-17086 19796-17084 17667-17084 20220-17086 19668-17086 Moderate 21097-17084 Moderate 21114-17086 Moderate 19796-17084 Moderate 17667-17084 Moderate 20220-17086 Moderate 19668-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 21097-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 21114-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 19796-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 17667-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 20220-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R 19668-17086 1.0 2025-09-03T23:48:09 <p>Information published.</p> 2.0 2026-03-31T14:46:19 <p>Information published.</p> 1.1 2026-02-21T03:30:26 <p>Information published.</p> vim xxd xxd.c main buffer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-9390 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 19624-17084 20255-17086 19576-17086 19624-17084 20255-17086 19576-17086 Moderate 19624-17084 20255-17086 Moderate 19576-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 19624-17084 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 20255-17086 5.3 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 19576-17086 CBL-Mariner Releases 19624-17084 20255-17086 19576-17086 No Security Update 9.1.1616-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19624-17084 20255-17086 19576-17086 CBL-Mariner Releases 1.0 2025-09-03T23:44:33 <p>Information published.</p> AIDE improper output neutralization vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-54389 Improper Output Neutralization for Logs 20264-17086 20535-17086 20262-17084 20430-17084 20264-17086 20535-17086 20262-17084 20430-17084 20264-17086 Moderate 20535-17086 20262-17084 Moderate 20430-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 20264-17086 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U 20535-17086 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 20262-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 20430-17084 CBL-Mariner Releases 20264-17086 20535-17086 No Security Update 0.16-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20264-17086 20535-17086 CBL-Mariner Releases CBL-Mariner Releases 20262-17084 20430-17084 No Security Update 0.18.6-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20262-17084 20430-17084 CBL-Mariner Releases 1.0 2025-09-03T23:53:54 <p>Information published.</p> iommu/amd: Avoid stack buffer overflow from kernel cmdline <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38676 17087-17086 19683-17084 17087-17086 19683-17084 Important 17087-17086 Important 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 19683-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19683-17084 CBL-Mariner Releases 2.0 2026-01-10T01:02:11 <p>Information published.</p> 1.0 2025-09-03T23:53:01 <p>Information published.</p> 2.1 2026-02-18T14:07:19 <p>Information published.</p> 3.0 2026-02-24T14:35:55 <p>Information published.</p> github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-58058 Allocation of Resources Without Limits or Throttling 19821-17086 19777-17086 19945-17086 20404-17086 20405-17086 20406-17086 20407-17086 20428-17084 20536-17086 20538-17086 20539-17086 20582-17084 20566-17084 20583-17084 19694-17086 19792-17086 19858-17086 19346-17084 19912-17086 17581-17084 17793-17084 19335-17084 19935-17084 20403-17086 20374-17086 20429-17084 20522-17086 20537-17086 20540-17086 20581-17084 19821-17086 19777-17086 19945-17086 20404-17086 20405-17086 20406-17086 20407-17086 20428-17084 20536-17086 20538-17086 20539-17086 20582-17084 20566-17084 20583-17084 19694-17086 19792-17086 19858-17086 19346-17084 19912-17086 17581-17084 17793-17084 19335-17084 19935-17084 20403-17086 20374-17086 20429-17084 20522-17086 20537-17086 20540-17086 20581-17084 19821-17086 19777-17086 19945-17086 Moderate 20404-17086 Moderate 20405-17086 Moderate 20406-17086 Moderate 20407-17086 Moderate 20428-17084 Moderate 20536-17086 Moderate 20538-17086 Moderate 20539-17086 Moderate 20582-17084 Moderate 20566-17084 Moderate 20583-17084 19694-17086 Moderate 19792-17086 19858-17086 19346-17084 19912-17086 17581-17084 Moderate 17793-17084 Moderate 19335-17084 Moderate 19935-17084 Moderate 20403-17086 Moderate 20374-17086 Moderate 20429-17084 Moderate 20522-17086 Moderate 20537-17086 Moderate 20540-17086 Moderate 20581-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19821-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19777-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19945-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20404-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20405-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20406-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20407-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20428-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20536-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20538-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20539-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20582-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20566-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20583-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19694-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19792-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19858-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19346-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19912-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17581-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17793-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19335-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19935-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20403-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20374-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20429-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20522-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20537-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20540-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20581-17084 CBL-Mariner Releases 20404-17086 20537-17086 No Security Update 3.2.236-23 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20404-17086 20537-17086 CBL-Mariner Releases CBL-Mariner Releases 20405-17086 20538-17086 No Security Update 1.9.5-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20405-17086 20538-17086 CBL-Mariner Releases CBL-Mariner Releases 20406-17086 20539-17086 No Security Update 1.14.2-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20406-17086 20539-17086 CBL-Mariner Releases CBL-Mariner Releases 20407-17086 20540-17086 No Security Update 1.3.2-27 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20407-17086 20540-17086 CBL-Mariner Releases CBL-Mariner Releases 20428-17084 20581-17084 No Security Update 1.57.0-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20428-17084 20581-17084 CBL-Mariner Releases CBL-Mariner Releases 20536-17086 20403-17086 No Security Update 1.55.0-25 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20536-17086 20403-17086 CBL-Mariner Releases CBL-Mariner Releases 20582-17084 20429-17084 No Security Update 3.10.182-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20582-17084 20429-17084 CBL-Mariner Releases CBL-Mariner Releases 20566-17084 19335-17084 No Security Update 1.9.5-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20566-17084 19335-17084 CBL-Mariner Releases CBL-Mariner Releases 20583-17084 19935-17084 No Security Update 1.14.4-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20583-17084 19935-17084 CBL-Mariner Releases CBL-Mariner Releases 20374-17086 20522-17086 No Security Update 1.22.3-16 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20374-17086 20522-17086 CBL-Mariner Releases 1.0 2025-09-04T00:16:28 <p>Information published.</p> 1.1 2026-02-18T14:09:54 <p>Information published.</p> PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PostgreSQL Yes CVE-2025-8713 Exposure of Sensitive Information Through Metadata 19600-17084 20267-17086 19600-17084 20267-17086 Low 19600-17084 Low 20267-17086 3.1 2.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U 19600-17084 3.1 2.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U 20267-17086 CBL-Mariner Releases 19600-17084 No Security Update 16.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19600-17084 CBL-Mariner Releases CBL-Mariner Releases 20267-17086 No Security Update 14.19-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20267-17086 CBL-Mariner Releases 1.1 2026-02-21T03:33:05 <p>Information published.</p> 1.0 2025-09-03T23:59:25 <p>Information published.</p> PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PostgreSQL Yes CVE-2025-8714 Inclusion of Functionality from Untrusted Control Sphere 19600-17084 20267-17086 19600-17084 20267-17086 Important 19600-17084 Important 20267-17086 8.8 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U 19600-17084 8.8 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U 20267-17086 CBL-Mariner Releases 19600-17084 No Security Update 16.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19600-17084 CBL-Mariner Releases CBL-Mariner Releases 20267-17086 No Security Update 14.19-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20267-17086 CBL-Mariner Releases 1.0 2025-09-04T00:03:47 <p>Information published.</p> 1.1 2026-02-21T03:34:40 <p>Information published.</p> PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PostgreSQL Yes CVE-2025-8715 Improper Neutralization of CRLF Sequences (&#39;CRLF Injection&#39;) 20267-17086 19600-17084 20267-17086 19600-17084 Important 20267-17086 Important 19600-17084 8.8 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U 20267-17086 8.8 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U 19600-17084 CBL-Mariner Releases 20267-17086 No Security Update 14.19-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20267-17086 CBL-Mariner Releases CBL-Mariner Releases 19600-17084 No Security Update 16.10-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19600-17084 CBL-Mariner Releases 1.1 2026-02-21T03:36:12 <p>Information published.</p> 1.0 2025-09-04T00:09:05 <p>Information published.</p> NGINX ngx_mail_smtp_module vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner f5 Yes CVE-2025-53859 Out-of-bounds Read 20144-17086 19860-17084 20401-17086 20432-17084 20144-17086 19860-17084 20401-17086 20432-17084 20144-17086 19860-17084 Moderate 20401-17086 Moderate 20432-17084 5.6 5.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U 20144-17086 5.6 5.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U 19860-17084 5.6 5.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U 20401-17086 5.6 5.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U 20432-17084 CBL-Mariner Releases 20144-17086 20401-17086 No Security Update 1.22.1-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20144-17086 20401-17086 CBL-Mariner Releases CBL-Mariner Releases 19860-17084 20432-17084 No Security Update 1.25.4-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19860-17084 20432-17084 CBL-Mariner Releases 1.0 2025-09-04T00:15:43 <p>Information published.</p> Helm May Panic Due To Incorrect YAML Content <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-55198 Use of Uninitialized Resource 20274-17086 20533-17086 20402-17086 20274-17086 20533-17086 20402-17086 20274-17086 Moderate 20533-17086 Moderate 20402-17086 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20274-17086 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20533-17086 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20402-17086 CBL-Mariner Releases 20533-17086 20402-17086 No Security Update 3.14.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20533-17086 20402-17086 CBL-Mariner Releases 1.0 2025-09-04T00:18:06 <p>Information published.</p> Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-55199 Allocation of Resources Without Limits or Throttling 20274-17086 20941-17086 20402-17086 20533-17086 20274-17086 20941-17086 20402-17086 20533-17086 20274-17086 Moderate 20941-17086 Moderate 20402-17086 Moderate 20533-17086 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20274-17086 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20941-17086 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20402-17086 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20533-17086 2.0 2026-03-03T14:39:29 <p>Information published.</p> 1.0 2025-09-04T00:23:40 <p>Information published.</p> phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38535 17087-17086 17085-17084 17087-17086 17085-17084 Important 17087-17086 Important 17085-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 17085-17084 2.0 2026-01-09T01:03:26 <p>Information published.</p> 2.1 2026-02-21T03:40:17 <p>Information published.</p> 1.0 2025-09-04T00:31:56 <p>Information published.</p> ipv6: mcast: Delay put pmc->idev in mld_del_delrec() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38550 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-01-09T01:04:19 <p>Information published.</p> 3.0 2026-02-24T14:43:44 <p>Information published.</p> 1.0 2025-09-04T00:35:43 <p>Information published.</p> net: libwx: properly reset Rx ring descriptor <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38532 17085-17084 17085-17084 Important 17085-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 17085-17084 1.0 2025-09-04T00:39:05 <p>Information published.</p> 1.1 2026-02-21T03:41:54 <p>Information published.</p> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38540 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T00:41:42 <p>Information published.</p> atm: clip: Fix memory leak of struct clip_vcc. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38546 Missing Release of Memory after Effective Lifetime 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Moderate 17087-17086 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T00:44:48 <p>Information published.</p> 3.0 2026-02-24T14:43:38 <p>Information published.</p> 2.0 2026-01-09T01:04:01 <p>Information published.</p> ice: add NULL check in eswitch lag check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38526 NULL Pointer Dereference 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T00:47:42 <p>Information published.</p> hwmon: (corsair-cpro) Validate the size of the received input buffer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38548 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Important 17087-17086 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T00:51:22 <p>Information published.</p> 2.0 2026-01-09T01:04:10 <p>Information published.</p> net: appletalk: Fix device refcount leak in atrtr_create() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38542 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-01-09T01:03:53 <p>Information published.</p> 3.0 2026-02-24T14:43:31 <p>Information published.</p> 1.0 2025-09-04T00:57:26 <p>Information published.</p> bpf: Fix oob access in cgroup local storage <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38502 19683-17084 20412-17084 20553-17084 17087-17086 19683-17084 20412-17084 20553-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Important 17087-17086 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 19683-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20412-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20553-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 CBL-Mariner Releases 20553-17084 No Security Update 6.6.112.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20553-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T00:58:44 <p>Information published.</p> 2.0 2026-01-08T01:02:12 <p>Information published.</p> 3.0 2026-02-24T14:42:16 <p>Information published.</p> iio: common: st_sensors: Fix use of uninitialize device structs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38531 Use of Uninitialized Resource 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21094-17084 21093-17086 21248-17084 19683-17084 20412-17084 20553-17084 17087-17086 20956-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21094-17084 21093-17086 21248-17084 19683-17084 20412-17084 20553-17084 17087-17086 20956-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 17087-17086 Moderate 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 1.0 2025-09-04T01:02:17 <p>Information published.</p> 2.0 2025-11-20T01:02:38 <p>Information published.</p> 3.0 2025-12-07T01:47:16 <p>Information published.</p> 4.0 2026-01-08T14:44:16 <p>Information published.</p> 5.0 2026-01-20T14:38:39 <p>Information published.</p> 9.0 2026-03-31T14:46:55 <p>Information published.</p> 6.0 2026-02-21T03:48:12 <p>Information published.</p> 7.0 2026-03-03T14:42:41 <p>Information published.</p> 8.0 2026-03-04T14:35:49 <p>Information published.</p> 10.0 2026-04-29T14:38:57 <p>Information published.</p> 11.0 2026-05-02T14:37:37 <p>Information published.</p> dmaengine: nbpfaxi: Fix memory corruption in probe() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38538 17085-17084 17087-17086 17085-17084 17087-17086 Important 17085-17084 Important 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 17085-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 2.0 2026-01-09T01:03:35 <p>Information published.</p> 2.1 2026-02-21T03:49:39 <p>Information published.</p> 1.0 2025-09-04T01:10:08 <p>Information published.</p> tracing: Add down_write(trace_event_sem) when adding trace event <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38539 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Moderate 17087-17086 Moderate 20412-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2026-01-09T01:03:44 <p>Information published.</p> 3.0 2026-02-24T14:43:24 <p>Information published.</p> 1.0 2025-09-04T01:12:44 <p>Information published.</p> rxrpc: Fix recv-recv race of completed call <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38524 20925-17086 19683-17084 20412-17084 17087-17086 21093-17086 20925-17086 19683-17084 20412-17084 17087-17086 21093-17086 Moderate 20925-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 Moderate 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T01:16:14 <p>Information published.</p> 2.0 2025-11-20T01:02:33 <p>Information published.</p> 3.0 2026-03-03T14:42:21 <p>Information published.</p> 4.0 2026-03-31T14:52:48 <p>Information published.</p> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38513 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T01:21:04 <p>Information published.</p> 2.0 2026-01-09T01:02:16 <p>Information published.</p> 3.0 2026-02-24T14:42:44 <p>Information published.</p> rxrpc: Fix bug due to prealloc collision <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38544 19683-17084 21093-17086 20412-17084 17087-17086 20925-17086 19683-17084 21093-17086 20412-17084 17087-17086 20925-17086 19683-17084 Moderate 21093-17086 Moderate 20412-17084 Moderate 17087-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 3.0 2026-03-03T14:42:57 <p>Information published.</p> 4.0 2026-03-31T14:53:08 <p>Information published.</p> 1.0 2025-09-04T01:23:01 <p>Information published.</p> 2.0 2025-11-20T01:02:43 <p>Information published.</p> drm/tegra: nvdec: Fix dma_alloc_coherent error check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38543 17085-17084 17085-17084 Important 17085-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17085-17084 1.0 2025-09-04T01:28:47 <p>Information published.</p> 1.1 2026-02-21T03:53:24 <p>Information published.</p> rxrpc: Fix oops due to non-existence of prealloc backlog struct <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38514 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T01:32:03 <p>Information published.</p> comedi: pcl812: Fix bit shift out of bounds <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38530 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 Moderate 20412-17084 19683-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T01:36:44 <p>Information published.</p> 2.0 2026-01-09T01:03:17 <p>Information published.</p> drm/sched: Increment job count before swapping tail spsc queue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38515 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T01:39:53 <p>Information published.</p> 3.0 2026-02-24T14:42:51 <p>Information published.</p> 2.0 2026-01-09T01:02:25 <p>Information published.</p> comedi: aio_iiro_16: Fix bit shift out of bounds <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38529 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T01:42:30 <p>Information published.</p> 2.0 2026-01-09T01:03:09 <p>Information published.</p> 3.0 2026-02-24T14:43:18 <p>Information published.</p> wifi: prevent A-MSDU attacks in mesh networks <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38512 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 19683-17084 5.7 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 20412-17084 5.7 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T01:45:38 <p>Information published.</p> pinctrl: qcom: msm: mark certain pins as invalid for interrupts <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38516 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T01:53:53 <p>Information published.</p> 2.0 2026-01-09T01:02:34 <p>Information published.</p> 3.0 2026-02-24T14:42:58 <p>Information published.</p> net: phy: Don't register LEDs for genphy <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38537 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T01:58:39 <p>Information published.</p> bpf: Reject %p% format string in bprintf-like helpers <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38528 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Moderate 17087-17086 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T02:02:23 <p>Information published.</p> 2.0 2026-01-09T01:03:00 <p>Information published.</p> 3.0 2026-02-24T14:43:11 <p>Information published.</p> net: libwx: fix the using of Rx buffer DMA <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38533 17085-17084 17085-17084 Important 17085-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17085-17084 1.1 2026-02-21T04:00:15 <p>Information published.</p> 1.0 2025-09-04T02:07:07 <p>Information published.</p> ksmbd: limit repeated connections from clients with the same IP <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38501 Uncontrolled Resource Consumption 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 19683-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-11T14:43:46 <p>Information published.</p> ksmbd: limit repeated connections from clients with the same IP <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38501 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 19683-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T02:11:25 <p>Information published.</p> LibTIFF tiffcrop tiffcrop.c main memory corruption <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2025-8961 Improper Restriction of Operations within the Bounds of a Memory Buffer 20104-17084 20747-17084 19773-17086 20397-17086 20415-17084 20534-17086 20571-17084 20606-17086 20696-17086 20104-17084 20747-17084 19773-17086 20397-17086 20415-17084 20534-17086 20571-17084 20606-17086 20696-17086 20104-17084 Low 20747-17084 19773-17086 Low 20397-17086 Low 20415-17084 Low 20534-17086 Low 20571-17084 Low 20606-17086 Low 20696-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20104-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20747-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 19773-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20397-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20415-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20534-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20571-17084 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20606-17086 3.3 3.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P 20696-17086 CBL-Mariner Releases 20747-17084 20571-17084 20606-17086 20696-17086 No Security Update 4.6.0-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20747-17084 20571-17084 20606-17086 20696-17086 CBL-Mariner Releases 1.0 2025-09-04T02:20:45 <p>Information published.</p> 3.0 2025-12-06T14:37:18 <p>Information published.</p> 4.0 2025-12-07T01:47:27 <p>Information published.</p> 2.0 2025-11-29T01:36:00 <p>Information published.</p> AIDE null pointer dereference when reading incorrectly encoded xattr attributes from database (local DoS) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2025-54409 NULL Pointer Dereference 20430-17084 20262-17084 20264-17086 20535-17086 20430-17084 20262-17084 20264-17086 20535-17086 Moderate 20430-17084 20262-17084 20264-17086 Moderate 20535-17086 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20430-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20262-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20264-17086 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20535-17086 CBL-Mariner Releases 20430-17084 20262-17084 No Security Update 0.18.6-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20430-17084 20262-17084 CBL-Mariner Releases CBL-Mariner Releases 20264-17086 20535-17086 No Security Update 0.16-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20264-17086 20535-17086 CBL-Mariner Releases 1.0 2025-09-04T02:25:53 <p>Information published.</p> net/sched: Restrict conditions for adding duplicating netems to qdisc tree <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38553 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 19683-17084 4.4 4.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-01-10T01:01:31 <p>Information published.</p> 3.0 2026-02-24T14:46:20 <p>Information published.</p> 1.0 2025-09-04T02:28:56 <p>Information published.</p> bpf: Reject narrower access to pointer ctx fields <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38591 19683-17084 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21094-17084 21093-17086 21248-17084 20553-17084 20956-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21094-17084 21093-17086 21248-17084 20553-17084 20956-17084 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 17087-17086 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 20553-17084 Moderate 20956-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-04T02:32:08 <p>Information published.</p> 2.0 2025-11-28T01:01:55 <p>Information published.</p> 3.0 2025-12-07T01:47:36 <p>Information published.</p> 5.0 2026-01-20T14:38:50 <p>Information published.</p> 6.0 2026-02-21T04:05:16 <p>Information published.</p> 8.0 2026-03-04T14:35:57 <p>Information published.</p> 9.0 2026-03-31T14:47:37 <p>Information published.</p> 10.0 2026-04-29T14:39:11 <p>Information published.</p> 12.0 2026-05-11T01:50:26 <p>Information published.</p> 4.0 2026-01-08T14:44:26 <p>Information published.</p> 7.0 2026-03-03T14:56:17 <p>Information published.</p> 11.0 2026-05-06T14:52:10 <p>Information published.</p> 13.0 2026-05-17T14:51:38 <p>Information published.</p> 13.1 2026-05-22T01:46:01 <p>Information published.</p> iwlwifi: Add missing check for alloc_ordered_workqueue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38602 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Moderate 17087-17086 Moderate 20412-17084 5.1 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.1 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T02:35:35 <p>Information published.</p> 2.0 2026-01-09T01:04:54 <p>Information published.</p> 3.0 2026-02-24T14:43:51 <p>Information published.</p> wifi: rtl818x: Kill URBs before clearing tx status queue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38604 NULL Pointer Dereference 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T02:44:21 <p>Information published.</p> 3.0 2026-02-24T14:43:57 <p>Information published.</p> 2.0 2026-01-09T01:05:02 <p>Information published.</p> sunrpc: fix client side handling of tls alerts <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38571 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T03:08:05 <p>Information published.</p> PM / devfreq: Check governor before using governor->name <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38609 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Moderate 17087-17086 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T03:11:58 <p>Information published.</p> 3.0 2026-02-24T14:44:11 <p>Information published.</p> 2.0 2026-01-09T01:05:22 <p>Information published.</p> pptp: ensure minimal skb length in pptp_xmit() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38574 Use of Uninitialized Resource 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Important 17087-17086 19683-17084 Moderate 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T03:20:25 <p>Information published.</p> 2.0 2026-01-10T01:03:24 <p>Information published.</p> 3.0 2026-02-24T14:36:54 <p>Information published.</p> usb: gadget : fix use-after-free in composite_dev_cleanup() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38555 Use After Free 17085-17084 17087-17086 17085-17084 17087-17086 Important 17085-17084 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17085-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 1.0 2025-09-04T03:24:39 <p>Information published.</p> 2.0 2026-01-10T01:01:36 <p>Information published.</p> 3.0 2026-01-13T01:42:49 <p>Information published.</p> 3.1 2026-02-21T04:13:37 <p>Information published.</p> wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38605 17085-17084 17085-17084 Important 17085-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17085-17084 1.0 2025-09-04T03:28:14 <p>Information published.</p> 1.1 2026-02-21T04:14:19 <p>Information published.</p> sunrpc: fix handling of server side tls alerts <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38566 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 19683-17084 5.8 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20412-17084 5.8 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T03:32:11 <p>Information published.</p> In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-54349 Off-by-one Error 20340-17084 20101-17086 20398-17086 20340-17084 20101-17086 20398-17086 Moderate 20340-17084 20101-17086 Moderate 20398-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 20340-17084 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U 20101-17086 6.5 6.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U 20398-17086 CBL-Mariner Releases 20340-17084 No Security Update 3.17.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20340-17084 CBL-Mariner Releases CBL-Mariner Releases 20101-17086 20398-17086 No Security Update 3.18-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20101-17086 20398-17086 CBL-Mariner Releases 1.1 2026-02-21T04:25:22 <p>Information published.</p> 1.0 2025-09-04T03:41:51 <p>Information published.</p> perf/core: Prevent VMA split of buffer mappings <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38563 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Important 17087-17086 19683-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-01-10T01:01:45 <p>Information published.</p> 1.0 2025-09-04T03:47:38 <p>Information published.</p> 3.0 2026-02-24T14:35:18 <p>Information published.</p> staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38612 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 Moderate 20412-17084 19683-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-01-09T01:05:31 <p>Information published.</p> 1.0 2025-09-04T03:51:07 <p>Information published.</p> 3.0 2026-02-24T14:44:18 <p>Information published.</p> net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38568 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Important 20412-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T03:57:06 <p>Information published.</p> wifi: ath11k: clear initialized flag for deinit-ed srng lists <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38601 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Moderate 17087-17086 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T04:02:55 <p>Information published.</p> 2.0 2026-01-09T01:04:45 <p>Information published.</p> 3.0 2026-01-13T01:38:31 <p>Information published.</p> ksmbd: fix Preauh_HashValue race condition <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38561 17085-17084 17087-17086 17085-17084 17087-17086 Critical 17085-17084 Important 17087-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17085-17084 8.5 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 17087-17086 1.0 2025-09-04T04:06:25 <p>Information published.</p> 2.0 2026-01-09T01:04:36 <p>Information published.</p> 2.1 2026-02-21T04:18:23 <p>Information published.</p> x86/sev: Evict cache lines during SNP memory validation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38560 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U 19683-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T04:44:06 <p>Information published.</p> perf/core: Exit early on perf_mmap() fail <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38565 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T04:47:59 <p>Information published.</p> 2.0 2026-01-10T01:01:51 <p>Information published.</p> 3.0 2026-02-24T14:35:26 <p>Information published.</p> LibTIFF fax2ps tiff2pdf.c t2p_read_tiff_init null pointer dereference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner VulDB Yes CVE-2024-13978 NULL Pointer Dereference 20415-17084 20397-17086 20534-17086 20571-17084 20415-17084 20397-17086 20534-17086 20571-17084 Low 20415-17084 20397-17086 Low 20534-17086 Low 20571-17084 2.5 2.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C 20415-17084 2.5 2.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C 20397-17086 2.5 2.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C 20534-17086 2.5 2.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C 20571-17084 CBL-Mariner Releases 20415-17084 20397-17086 20534-17086 No Security Update 4.6.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20415-17084 20397-17086 20534-17086 CBL-Mariner Releases CBL-Mariner Releases 20571-17084 No Security Update 4.6.0-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20571-17084 CBL-Mariner Releases 1.0 2025-09-13T01:05:01 <p>Information published.</p> wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() Mariner Linux Yes CVE-2025-38656 Use After Free 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21248-17084 20860-17084 20925-17086 21094-17084 21093-17086 21308-17084 21332-17084 21344-17084 20613-17084 20725-17084 20788-17084 20823-17084 20956-17084 21248-17084 20860-17084 20925-17086 21094-17084 21093-17086 21308-17084 21332-17084 21344-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21248-17084 Moderate 20860-17084 Important 20925-17086 Moderate 21094-17084 Important 21093-17086 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-11-28T01:01:41 <p>Information published.</p> 2.0 2025-12-07T01:38:41 <p>Information published.</p> 4.0 2026-01-20T14:50:30 <p>Information published.</p> 5.0 2026-02-21T03:57:07 <p>Information published.</p> 6.0 2026-02-25T01:03:29 <p>Information published.</p> 8.0 2026-03-31T15:06:40 <p>Information published.</p> 9.0 2026-04-29T14:51:22 <p>Information published.</p> 3.0 2026-01-08T14:40:45 <p>Information published.</p> 7.0 2026-03-05T01:36:24 <p>Information published.</p> 10.0 2026-05-06T14:44:22 <p>Information published.</p> 11.0 2026-05-11T01:43:09 <p>Information published.</p> 12.0 2026-05-17T14:44:14 <p>Information published.</p> benet: fix BUG when creating VFs Mariner Linux Yes CVE-2025-38569 NULL Pointer Dereference 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2026-01-10T01:01:56 <p>Information published.</p> 2.0 2026-02-24T14:35:33 <p>Information published.</p> tls: separate no-async decryption request handling from async Mariner Linux Yes CVE-2024-58240 Use After Free 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Important 20925-17086 Important 21093-17086 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 1.0 2026-01-11T01:01:27 <p>Information published.</p> 2.0 2026-01-12T14:38:12 <p>Information published.</p> 4.0 2026-03-31T15:08:16 <p>Information published.</p> 3.0 2026-03-03T14:52:49 <p>Information published.</p> xfrm: state: initialize state_ptrs earlier in xfrm_state_find Mariner Linux Yes CVE-2025-38675 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 21344-17084 21344-17084 Moderate 21344-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2026-05-25T14:38:48 <p>Information published.</p> 1.0 2026-05-25T01:01:34 <p>Information published.</p> A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2022-4743 Missing Release of Memory after Effective Lifetime 1.0 2025-08-07T00:00:00 <p>Information published.</p> Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-37464 Use of a Broken or Risky Cryptographic Algorithm 1.0 2025-08-07T00:00:00 <p>Information published.</p> Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2015-3310 Improper Restriction of Operations within the Bounds of a Memory Buffer 1.0 2025-08-07T00:00:00 <p>Information published.</p> proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38653 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-03T22:05:46 <p>Information published.</p> Incorrect results returned from Rows.Scan in database/sql <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2025-47907 20138-17084 19755-17086 20123-17086 20145-17084 20387-17086 20138-17084 19755-17086 20123-17086 20145-17084 20387-17086 Important 20138-17084 Important 19755-17086 20123-17086 Important 20145-17084 Important 20387-17086 7.0 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L 20138-17084 7.0 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L 19755-17086 7.0 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L 20123-17086 7.0 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L 20145-17084 7.0 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L 20387-17086 CBL-Mariner Releases 20138-17084 No Security Update 1.24.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20138-17084 CBL-Mariner Releases CBL-Mariner Releases 19755-17086 No Security Update 1.18.8-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19755-17086 CBL-Mariner Releases CBL-Mariner Releases 20123-17086 20387-17086 No Security Update 1.22.7-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20123-17086 20387-17086 CBL-Mariner Releases CBL-Mariner Releases 20145-17084 No Security Update 1.23.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20145-17084 CBL-Mariner Releases 1.0 2025-09-03T22:18:29 <p>Information published.</p> 1.1 2026-02-21T04:27:03 <p>Information published.</p> can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38665 20925-17086 21093-17086 19683-17084 20412-17084 17087-17086 20925-17086 21093-17086 19683-17084 20412-17084 17087-17086 Moderate 20925-17086 Moderate 21093-17086 19683-17084 Important 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 3.0 2026-03-03T14:50:56 <p>Information published.</p> 4.0 2026-03-31T15:06:25 <p>Information published.</p> 1.0 2025-09-03T22:16:52 <p>Information published.</p> 2.0 2026-01-09T01:06:57 <p>Information published.</p> net/packet: fix a race in packet_set_ring() and packet_notifier() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38617 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Moderate 17087-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19683-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-03T22:34:22 <p>Information published.</p> 2.0 2026-01-09T01:05:39 <p>Information published.</p> 3.0 2026-02-24T14:44:24 <p>Information published.</p> mptcp: plug races between subflow fail and subflow creation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38552 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Important 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T00:28:50 <p>Information published.</p> 2.0 2026-01-09T01:04:28 <p>Information published.</p> btrfs: fix assertion when building free space tree <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38503 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.0 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 19683-17084 5.0 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T00:53:31 <p>Information published.</p> f2fs: fix to avoid out-of-boundary access in dnode page <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38677 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Important 17087-17086 19683-17084 Moderate 20412-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19683-17084 5.1 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 20412-17084 2.0 2026-01-10T01:02:16 <p>Information published.</p> 3.0 2026-01-13T01:43:03 <p>Information published.</p> 3.1 2026-02-18T14:10:51 <p>Information published.</p> 1.0 2025-09-04T01:06:37 <p>Information published.</p> kasan: remove kasan_find_vm_area() to prevent possible deadlock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38510 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T01:07:11 <p>Information published.</p> smb: client: fix use-after-free in cifs_oplock_break <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38527 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Important 20412-17084 Important 17087-17086 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 3.0 2026-02-24T14:43:04 <p>Information published.</p> 1.0 2025-09-04T01:51:07 <p>Information published.</p> 2.0 2026-01-09T01:02:52 <p>Information published.</p> drm/amdkfd: Don't call mmput from MMU notifier callback <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38520 19683-17084 20412-17084 20925-17086 21093-17086 17087-17086 19683-17084 20412-17084 20925-17086 21093-17086 17087-17086 19683-17084 Moderate 20412-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T02:14:26 <p>Information published.</p> 4.0 2026-03-31T15:06:02 <p>Information published.</p> 2.0 2026-01-09T01:02:43 <p>Information published.</p> 3.0 2026-03-03T14:50:40 <p>Information published.</p> f2fs: fix KMSAN uninit-value in extent_info usage <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38579 Use of Uninitialized Resource 17087-17086 17085-17084 17087-17086 17085-17084 Important 17087-17086 Important 17085-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17085-17084 2.0 2026-01-10T01:03:43 <p>Information published.</p> 3.0 2026-01-13T01:43:46 <p>Information published.</p> 1.0 2025-09-04T02:39:27 <p>Information published.</p> 3.1 2026-02-21T04:06:50 <p>Information published.</p> net/mlx5e: Remove skb secpath if xfrm state is not found <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38590 Missing Release of Memory after Effective Lifetime 19683-17084 20412-17084 17087-17086 20925-17086 21093-17086 19683-17084 20412-17084 17087-17086 20925-17086 21093-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T02:47:43 <p>Information published.</p> 2.0 2025-11-28T01:01:51 <p>Information published.</p> 3.0 2026-03-03T14:56:00 <p>Information published.</p> 4.0 2026-03-31T15:07:03 <p>Information published.</p> powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38610 19683-17084 20412-17084 19683-17084 20412-17084 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T02:51:36 <p>Information published.</p> ksmbd: fix null pointer dereference error in generate_encryptionkey <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38562 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Moderate 17087-17086 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T02:55:37 <p>Information published.</p> 2.0 2026-01-10T01:01:41 <p>Information published.</p> 3.0 2026-01-13T01:42:56 <p>Information published.</p> bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38608 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 19683-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T02:59:49 <p>Information published.</p> 2.0 2026-01-09T01:05:11 <p>Information published.</p> 3.0 2026-02-24T14:44:04 <p>Information published.</p> staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38585 19683-17084 20412-17084 20613-17084 20788-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21332-17084 20553-17084 20725-17084 21308-17084 21344-17084 19683-17084 20412-17084 20613-17084 20788-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21332-17084 20553-17084 20725-17084 21308-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21332-17084 Moderate 20553-17084 Moderate 20725-17084 Moderate 21308-17084 Important 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21344-17084 3.0 2026-01-08T14:44:36 <p>Information published.</p> 4.0 2026-01-20T14:39:00 <p>Information published.</p> 5.0 2026-02-21T04:10:38 <p>Information published.</p> 6.0 2026-03-04T14:36:06 <p>Information published.</p> 7.0 2026-03-31T14:48:02 <p>Information published.</p> 8.0 2026-04-29T14:39:25 <p>Information published.</p> 11.1 2026-05-22T01:46:08 <p>Information published.</p> 1.0 2025-09-04T03:03:20 <p>Information published.</p> 2.0 2025-12-07T01:47:45 <p>Information published.</p> 9.0 2026-05-06T14:52:18 <p>Information published.</p> 10.0 2026-05-11T01:50:35 <p>Information published.</p> 11.0 2026-05-17T14:51:46 <p>Information published.</p> f2fs: fix to avoid panic in f2fs_evict_inode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38577 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Moderate 17087-17086 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 19683-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 20412-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T03:16:52 <p>Information published.</p> 2.0 2026-01-10T01:03:33 <p>Information published.</p> 3.0 2026-01-13T01:43:35 <p>Information published.</p> In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2025-54350 Reachable Assertion 20340-17084 20101-17086 20398-17086 20340-17084 20101-17086 20398-17086 Low 20340-17084 20101-17086 Low 20398-17086 3.7 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 20340-17084 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20101-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20398-17086 CBL-Mariner Releases 20340-17084 No Security Update 3.17.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20340-17084 CBL-Mariner Releases CBL-Mariner Releases 20101-17086 20398-17086 No Security Update 3.18-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20101-17086 20398-17086 CBL-Mariner Releases 1.0 2025-09-04T03:37:15 <p>Information published.</p> 1.1 2026-02-21T04:24:59 <p>Information published.</p> vmci: Prevent the dispatching of uninitialized payloads <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38611 19683-17084 19683-17084 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19683-17084 1.0 2025-09-04T03:38:53 <p>Information published.</p> HID: core: Harden s32ton() against conversion to 0 bits <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38556 19683-17084 20613-17084 17087-17086 20725-17084 20925-17086 21093-17086 20412-17084 20553-17084 19683-17084 20613-17084 17087-17086 20725-17084 20925-17086 21093-17086 20412-17084 20553-17084 19683-17084 Important 20613-17084 Important 17087-17086 Important 20725-17084 Important 20925-17086 Important 21093-17086 Important 20412-17084 Important 20553-17084 8.0 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U 19683-17084 8.0 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 8.0 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20925-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21093-17086 8.0 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U 20412-17084 8.0 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U 20553-17084 1.0 2025-09-04T03:43:17 <p>Information published.</p> 3.0 2025-12-07T01:47:54 <p>Information published.</p> 2.0 2025-11-20T01:02:48 <p>Information published.</p> 4.0 2026-01-07T14:35:28 <p>Information published.</p> 5.0 2026-03-03T14:43:12 <p>Information published.</p> 6.0 2026-03-31T14:53:33 <p>Information published.</p> crypto: ccp - Fix crash when rebind ccp device for ccp.ko <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38581 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2026-01-10T01:03:48 <p>Information published.</p> 3.0 2026-01-13T01:43:52 <p>Information published.</p> 1.0 2025-09-04T03:53:45 <p>Information published.</p> Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38593 20412-17084 20553-17084 20613-17084 19683-17084 20412-17084 20553-17084 20613-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-09-04T04:11:00 <p>Information published.</p> 2.0 2025-12-02T14:35:29 <p>Information published.</p> powerpc/eeh: Make EEH driver device hotplug safe <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38576 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T04:15:21 <p>Information published.</p> 2.0 2026-01-10T01:03:28 <p>Information published.</p> 3.0 2026-01-13T01:43:30 <p>Information published.</p> padata: Fix pd UAF once and for all <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38584 19683-17084 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21094-17084 21093-17086 21248-17084 21332-17084 20553-17084 20956-17084 21308-17084 21344-17084 19683-17084 20412-17084 20613-17084 17087-17086 20725-17084 20788-17084 20823-17084 20860-17084 20925-17086 21094-17084 21093-17086 21248-17084 21332-17084 20553-17084 20956-17084 21308-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20613-17084 Important 17087-17086 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Important 20925-17086 Moderate 21094-17084 Important 21093-17086 Moderate 21248-17084 Moderate 21332-17084 Moderate 20553-17084 Moderate 20956-17084 Moderate 21308-17084 Moderate 21344-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20725-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20788-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20823-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20860-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21094-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21248-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21332-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20553-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20956-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 21308-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-11-28T01:01:46 <p>Information published.</p> 3.0 2025-12-07T01:48:02 <p>Information published.</p> 4.0 2026-01-08T14:44:46 <p>Information published.</p> 5.0 2026-01-20T14:39:11 <p>Information published.</p> 6.0 2026-02-21T04:19:45 <p>Information published.</p> 7.0 2026-03-03T14:55:39 <p>Information published.</p> 8.0 2026-03-04T14:36:14 <p>Information published.</p> 9.0 2026-03-31T14:48:39 <p>Information published.</p> 10.0 2026-04-29T14:39:37 <p>Information published.</p> 13.1 2026-05-22T01:46:16 <p>Information published.</p> 1.0 2025-09-04T04:21:24 <p>Information published.</p> 11.0 2026-05-06T14:52:26 <p>Information published.</p> 12.0 2026-05-11T01:50:43 <p>Information published.</p> 13.0 2026-05-17T14:51:54 <p>Information published.</p> f2fs: fix to avoid UAF in f2fs_sync_inode_meta() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38578 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 7.3 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U 19683-17084 7.3 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 1.0 2025-09-04T04:25:05 <p>Information published.</p> 2.0 2026-01-10T01:03:38 <p>Information published.</p> 3.0 2026-01-13T01:43:41 <p>Information published.</p> fs/ntfs3: cancle set bad inode after removing name fails <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38615 17085-17084 17087-17086 17085-17084 17087-17086 Critical 17085-17084 Moderate 17087-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17085-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-04T04:28:48 <p>Information published.</p> 2.0 2025-11-28T01:02:00 <p>Information published.</p> 3.0 2025-12-03T01:38:48 <p>Information published.</p> 3.1 2026-02-21T04:20:48 <p>Information published.</p> ipv6: reject malicious packets in ipv6_gso_segment() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38572 19683-17084 17087-17086 20412-17084 19683-17084 17087-17086 20412-17084 19683-17084 Important 17087-17086 Moderate 20412-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 19683-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2026-01-10T01:03:19 <p>Information published.</p> 3.0 2026-02-24T14:36:47 <p>Information published.</p> 1.0 2025-09-04T04:31:59 <p>Information published.</p> clk: xilinx: vcu: unregister pll_post only if registered correctly <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38583 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 20412-17084 Moderate 17087-17086 19683-17084 Moderate 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases 2.0 2026-01-10T01:03:53 <p>Information published.</p> 1.0 2025-09-04T04:35:56 <p>Information published.</p> 3.0 2026-02-24T14:37:01 <p>Information published.</p> eventpoll: Fix semi-unbounded recursion <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2025-38614 20412-17084 17087-17086 19683-17084 20412-17084 17087-17086 19683-17084 Moderate 20412-17084 Moderate 17087-17086 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 CBL-Mariner Releases 20412-17084 No Security Update 6.6.104.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20412-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-09-04T04:39:23 <p>Information published.</p> 2.0 2026-01-10T01:03:58 <p>Information published.</p> 3.0 2026-02-24T14:37:09 <p>Information published.</p> Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Mariner Linux Yes CVE-2022-50233 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-11-21T01:01:41 <p>Information published.</p> 2.0 2026-03-03T14:44:06 <p>Information published.</p> 3.0 2026-03-31T14:54:43 <p>Information published.</p> HID: nintendo: avoid bluetooth suspend/resume stalls Mariner Linux Yes CVE-2025-38507 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 1.0 2025-11-21T01:01:54 <p>Information published.</p> 2.0 2025-11-25T01:38:29 <p>Information published.</p> RDMA/hns: Fix double destruction of rsv_qp Mariner Linux Yes CVE-2025-38582 Double Free 20613-17084 20613-17084 Important 20613-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 1.0 2025-11-28T01:01:22 <p>Information published.</p> 2.0 2025-12-02T01:41:26 <p>Information published.</p> xen: fix UAF in dmabuf_exp_from_pages() Mariner Linux Yes CVE-2025-38595 Use After Free 20613-17084 17087-17086 20613-17084 17087-17086 Important 20613-17084 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 1.0 2025-11-28T01:01:30 <p>Information published.</p> 2.0 2025-12-02T01:41:33 <p>Information published.</p> drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port Mariner Linux Yes CVE-2025-38597 NULL Pointer Dereference 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 1.0 2025-11-28T01:01:36 <p>Information published.</p> 2.0 2025-12-03T01:38:43 <p>Information published.</p> Tracing logging user input may result in poisoning logs with ANSI escape sequences Mariner GitHub_M Yes CVE-2025-58160 Improper Neutralization of Escape, Meta, or Control Sequences 20712-17084 20766-17084 20744-17084 20767-17084 20393-17086 20394-17086 20828-17084 20824-17084 20822-17084 20876-17084 20864-17084 20865-17084 20878-17086 20879-17086 20939-17086 20955-17084 20977-17084 20978-17084 20964-17084 21135-17084 21136-17084 21284-17084 20421-17084 18011-17086 20605-17086 20959-17084 21108-17086 20712-17084 20766-17084 20744-17084 20767-17084 20393-17086 20394-17086 20828-17084 20824-17084 20822-17084 20876-17084 20864-17084 20865-17084 20878-17086 20879-17086 20939-17086 20955-17084 20977-17084 20978-17084 20964-17084 21135-17084 21136-17084 21284-17084 20421-17084 18011-17086 20605-17086 20959-17084 21108-17086 Low 20712-17084 Low 20766-17084 Low 20744-17084 Low 20767-17084 Low 20393-17086 Low 20394-17086 Low 20828-17084 Low 20824-17084 Low 20822-17084 Low 20876-17084 Low 20864-17084 Low 20865-17084 Low 20878-17086 Low 20879-17086 Low 20939-17086 Low 20955-17084 Low 20977-17084 Low 20978-17084 Low 20964-17084 Low 21135-17084 Low 21136-17084 Low 21284-17084 Low 20421-17084 Low 18011-17086 Low 20605-17086 Low 20959-17084 Low 21108-17086 CBL-Mariner Releases 20864-17084 20959-17084 No Security Update 1.75.0-25 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20864-17084 20959-17084 CBL-Mariner Releases CBL-Mariner Releases 20865-17084 20964-17084 No Security Update 1.90.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20865-17084 20964-17084 CBL-Mariner Releases CBL-Mariner Releases 20878-17086 No Security Update 2022.1-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20878-17086 CBL-Mariner Releases CBL-Mariner Releases 20939-17086 21108-17086 No Security Update 1.72.0-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20939-17086 21108-17086 CBL-Mariner Releases CBL-Mariner Releases 20955-17084 No Security Update 0.22.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20955-17084 CBL-Mariner Releases CBL-Mariner Releases 20978-17084 21136-17084 No Security Update 2024.4-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20978-17084 21136-17084 CBL-Mariner Releases 2.0 2026-01-20T14:44:39 <p>Information published.</p> 3.0 2026-02-18T02:46:10 <p>Information published.</p> 4.0 2026-03-03T14:49:00 <p>Information published.</p> 5.0 2026-03-04T01:13:02 <p>Information published.</p> 6.0 2026-03-04T14:47:02 <p>Information published.</p> 7.0 2026-03-14T01:36:06 <p>Information published.</p> 8.0 2026-03-25T01:36:16 <p>Information published.</p> 9.0 2026-03-31T15:04:27 <p>Information published.</p> 1.0 2025-12-31T01:02:00 <p>Information published.</p> 10.0 2026-04-29T14:55:59 <p>Information published.</p> slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check Mariner GitHub_M Yes CVE-2025-55159 Improper Restriction of Operations within the Bounds of a Memory Buffer 20822-17084 20865-17084 20744-17084 20964-17084 20822-17084 20865-17084 20744-17084 20964-17084 Moderate 20822-17084 Moderate 20865-17084 Moderate 20744-17084 Moderate 20964-17084 CBL-Mariner Releases 20865-17084 20964-17084 No Security Update 1.90.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20865-17084 20964-17084 CBL-Mariner Releases 3.0 2026-03-04T14:36:27 <p>Information published.</p> 1.0 2026-01-21T01:05:54 <p>Information published.</p> 2.0 2026-02-18T15:04:18 <p>Information published.</p> Chromium: CVE-2025-9132 Out of bounds write in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.111</td> <td>8/21/2025</td> <td>139.0.7258.138/.139</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-9132 11655 11655 11655 Release Notes 11655 No Security Update 138.0.3351.144 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-21T15:59:59 <p>Information published.</p> Windows Hyper-V Denial of Service Vulnerability <p>Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.</p> <p><strong>According to the CVSS metric, the Hyper-V attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Where the attack vector metric is Adjacent (A), this represents virtual machines connected via a Hyper-V Network Virtualization (HNV) logical network. This configuration forms an isolation boundary where the virtual machines within the virtual network can only communicate with each other. In this attack vector, the vulnerable component is bound to the network stack, but the attack is limited to systems configured to use the HNV network.</p> Role: Windows Hyper-V Microsoft Yes CVE-2025-49751 Missing Synchronization 11569 11571 11572 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 10853 10816 10855 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12085 Important 12086 Important 12097 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10853 10816 10855 5063871 <a href="https://twitter.com/rthhh17">HongZhenhao</a> with <a href="https://twitter.com/tiangonglab">TianGong Team of Legendsec at Qi&#39;anxin Group</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Dynamics 365 (on-premises) Microsoft Yes CVE-2025-49745 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11921 Spoofing 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.4 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11921 5059086 https://www.microsoft.com/en-us/download/details.aspx?id=108284 11921 Maybe Security Update 9.1.38.10 https://support.microsoft.com/help/5059086 11921 5059086 <a href="https://batr.am/">batram</a> <a href="https://batr.am/">batram</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft SQL Server Elevation of Privilege Vulnerability <p>Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with explicit permissions could exploit the vulnerability by logging in to the SQL server and could then elevate their privileges to sysadmin.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Version</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5063814</td> <td>Security update for SQL Server 2022 CU20+GDR</td> <td>16.0.4210.1</td> <td>16.0.4003.1 - 16.0.4205.1</td> <td>KB 5059390 - SQL2022 RTM CU20</td> </tr> <tr> <td>5063756</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1145.1</td> <td>16.0.1000.6 - 16.0.1140.6</td> <td>KB 5058712 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5063757</td> <td>Security update for SQL Server 2019 CU32+GDR</td> <td>15.0.4440.1</td> <td>15.0.4003.23 - 15.0.4435.7</td> <td>KB 5058722 - Previous SQL2019 RTM CU32 GDR</td> </tr> <tr> <td>5063758</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2140.1</td> <td>15.0.2000.5 - 15.0.2135.5</td> <td>KB 5058713 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5063759</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3500.1</td> <td>14.0.3006.16 - 14.0.3495.9</td> <td>KB 5058714 - Previous SQL2017 RTM CU31 GDR</td> </tr> <tr> <td>5063760</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.2080.1</td> <td>14.0.1000.169 - 14.0.2075.8</td> <td>KB 5058716 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5063761</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7060.1</td> <td>13.0.7000.253 - 13.0.7055.9</td> <td>KB 5058717 - Previous SQL2016 Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5063762</td> <td>Security update for SQL Server 2016 SP3 RTM+GDR</td> <td>13.0.6465.1</td> <td>13.0.6300.2 - 13.0.6460.7</td> <td>KB 5058718 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2025-49758 Improper Privilege Management 11478 11821 12048 12053 12145 12147 16793 16785 Elevation of Privilege 11478 Elevation of Privilege 11821 Elevation of Privilege 12048 Elevation of Privilege 12053 Elevation of Privilege 12145 Elevation of Privilege 12147 Elevation of Privilege 16793 Elevation of Privilege 16785 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 16793 Important 16785 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16793 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16785 5063760 https://www.microsoft.com/en-us/download/details.aspx?id=108330 5058716 11478 Maybe Security Update 14.0.2080.1 https://support.microsoft.com/help/5063760 11478 5063760 5063758 https://www.microsoft.com/en-us/download/details.aspx?id=108327 5058713 11821 Maybe Security Update 15.0.2140.1 https://support.microsoft.com/help/5063758 11821 5063758 5063762 https://www.microsoft.com/en-us/download/details.aspx?id=108329 5058718 12048 Maybe Security Update 13.0.6465.1 https://support.microsoft.com/help/5063762 12048 5063762 5063761 https://www.microsoft.com/en-us/download/details.aspx?id=108328 5058717 12053 Maybe Security Update 13.0.7060.1 https://support.microsoft.com/help/5063761 12053 5063761 5063759 https://www.microsoft.com/en-us/download/details.aspx?id=108331 5058714 12145 Maybe Security Update 14.0.3500.1 https://support.microsoft.com/help/5063759 12145 5063759 5063756 https://www.microsoft.com/en-us/download/details.aspx?id=108325 5058712 12147 Maybe Security Update 16.0.1145.1 https://support.microsoft.com/help/5063756 12147 5063756 5063814 https://www.microsoft.com/en-us/download/details.aspx?id=108324 5059390 16793 Maybe Security Update 16.0.4210.1 https://support.microsoft.com/help/5063814 16793 5063814 5063757 https://www.microsoft.com/en-us/download/details.aspx?id=108326 5058714 16785 Maybe Security Update 15.0.4440.1 https://support.microsoft.com/help/5063757 16785 5063757 <a href="https://x.com/_mayyhem">Chris Thompson</a> with <a href="https://specterops.io/">SpecterOps</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft SQL Server Elevation of Privilege Vulnerability <p>Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could inject arbitrary T-SQL commands by crafting a malicious database name.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain sysadmin privileges.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Version</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5063814</td> <td>Security update for SQL Server 2022 CU20+GDR</td> <td>16.0.4210.1</td> <td>16.0.4003.1 - 16.0.4205.1</td> <td>KB 5059390 - SQL2022 RTM CU20</td> </tr> <tr> <td>5063756</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1145.1</td> <td>16.0.1000.6 - 16.0.1140.6</td> <td>KB 5058712 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5063757</td> <td>Security update for SQL Server 2019 CU32+GDR</td> <td>15.0.4440.1</td> <td>15.0.4003.23 - 15.0.4435.7</td> <td>KB 5058722 - Previous SQL2019 RTM CU32 GDR</td> </tr> <tr> <td>5063758</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2140.1</td> <td>15.0.2000.5 - 15.0.2135.5</td> <td>KB 5058713 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5063759</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3500.1</td> <td>14.0.3006.16 - 14.0.3495.9</td> <td>KB 5058714 - Previous SQL2017 RTM CU31 GDR</td> </tr> <tr> <td>5063760</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.2080.1</td> <td>14.0.1000.169 - 14.0.2075.8</td> <td>KB 5058716 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5063761</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7060.1</td> <td>13.0.7000.253 - 13.0.7055.9</td> <td>KB 5058717 - Previous SQL2016 Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5063762</td> <td>Security update for SQL Server 2016 SP3 RTM+GDR</td> <td>13.0.6465.1</td> <td>13.0.6300.2 - 13.0.6460.7</td> <td>KB 5058718 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2025-53727 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 16793 11478 11821 12048 12053 12145 12147 16785 Elevation of Privilege 16793 Elevation of Privilege 11478 Elevation of Privilege 11821 Elevation of Privilege 12048 Elevation of Privilege 12053 Elevation of Privilege 12145 Elevation of Privilege 12147 Elevation of Privilege 16785 Important 16793 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 16785 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16793 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16785 5063814 https://www.microsoft.com/en-us/download/details.aspx?id=108324 5059390 16793 Maybe Security Update 16.0.4210.1 https://support.microsoft.com/help/5063814 16793 5063814 5063760 https://www.microsoft.com/en-us/download/details.aspx?id=108330 5058716 11478 Maybe Security Update 14.0.2080.1 https://support.microsoft.com/help/5063760 11478 5063760 5063758 https://www.microsoft.com/en-us/download/details.aspx?id=108327 5058713 11821 Maybe Security Update 15.0.2140.1 https://support.microsoft.com/help/5063758 11821 5063758 5063762 https://www.microsoft.com/en-us/download/details.aspx?id=108329 5058718 12048 Maybe Security Update 13.0.6465.1 https://support.microsoft.com/help/5063762 12048 5063762 5063761 https://www.microsoft.com/en-us/download/details.aspx?id=108328 5058717 12053 Maybe Security Update 13.0.7060.1 https://support.microsoft.com/help/5063761 12053 5063761 5063759 https://www.microsoft.com/en-us/download/details.aspx?id=108331 5058714 12145 Maybe Security Update 14.0.3500.1 https://support.microsoft.com/help/5063759 12145 5063759 5063756 https://www.microsoft.com/en-us/download/details.aspx?id=108325 5058712 12147 Maybe Security Update 16.0.1145.1 https://support.microsoft.com/help/5063756 12147 5063756 5063757 https://www.microsoft.com/en-us/download/details.aspx?id=108326 5058714 16785 Maybe Security Update 15.0.4440.1 https://support.microsoft.com/help/5063757 16785 5063757 <a href="https://www.linkedin.com/in/fabianoamorim/">Fabiano Amorim</a> with <a href="https://pythian.com/">Pythian</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Azure File Sync Elevation of Privilege Vulnerability <p>Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Azure File Sync Microsoft Yes CVE-2025-53729 Improper Access Control 12340 16746 16747 16809 Elevation of Privilege 12340 Elevation of Privilege 16746 Elevation of Privilege 16747 Elevation of Privilege 16809 Important 12340 Important 16746 Important 16747 Important 16809 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12340 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16747 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16809 Release Notes https://support.microsoft.com/en-us/topic/azure-file-sync-agent-v18-3-release-august-2025-security-only-update-8c8bc089-6f56-44d5-90b0-5cb33f66663c 12340 No Security Update 18.3.0.0 https://learn.microsoft.com/en-us/azure/storage/file-sync/file-sync-release-notes 12340 Release Notes Release Notes https://support.microsoft.com/en-us/topic/azure-file-sync-agent-v19-2-release-august-2025-security-only-update-5b457dbd-7615-490b-84ea-235fde9d65c8 16746 No Security Update 19.2.0.0 https://learn.microsoft.com/en-us/azure/storage/file-sync/file-sync-release-notes 16746 Release Notes Release Notes https://support.microsoft.com/en-us/topic/azure-file-sync-agent-v20-1-release-august-2025-security-only-update-6a558f5d-005d-4111-9ebd-21e5dd652d77 16747 No Security Update 20.1.0.0 https://learn.microsoft.com/en-us/azure/storage/file-sync/file-sync-release-notes 16747 Release Notes Release Notes https://support.microsoft.com/en-us/topic/azure-file-sync-agent-v21-1-release-august-2025-security-only-update-e0016f74-573d-492c-8bf7-c3be1e380836 16809 No Security Update 21.1.0.0 https://learn.microsoft.com/en-us/azure/storage/file-sync/file-sync-release-notes 16809 Release Notes Michal Kamensky with Microsoft 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Exchange Server Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is whether an email address exists on the server or not.</p> Microsoft Exchange Server Microsoft Yes CVE-2025-33051 Exposure of Sensitive Information to an Unauthorized Actor 12293 12039 12502 16792 Information Disclosure 12293 Information Disclosure 12039 Information Disclosure 12502 Information Disclosure 16792 Important 12293 Important 12039 Important 12502 Important 16792 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12293 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12039 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12502 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16792 5063222 https://www.microsoft.com/en-us/download/details.aspx?id=108336 5049233 12293 Yes Security Update 15.02.1544.033 https://support.microsoft.com/help/5063222 12293 5063222 5063223 https://www.microsoft.com/en-us/download/details.aspx?id=108333 5049233 12039 Yes Security Update 15.01.2507.058 https://support.microsoft.com/help/5063223 12039 5063223 5063221 https://www.microsoft.com/en-us/download/details.aspx?id=108334 5049233 12502 Yes Security Update 15.02.1748.036 https://support.microsoft.com/help/5063221 12502 5063221 5063224 https://www.microsoft.com/en-us/download/details.aspx?id=108335 16792 Yes Security Update 15.02.2562.020 https://support.microsoft.com/help/5063224 16792 5063224 <a href=" https://www.linkedin.com/in/sparks-benjamin/">Ben Sparks</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Office Visio Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user would need to be tricked into opening a malicious file in Visio.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Microsoft Office Visio Microsoft Yes CVE-2025-53730 Use After Free 11573 11574 11762 11763 11952 11953 12420 12421 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run <a href="https://x.com/c0d3nh4ck">c0d3nh4ck</a> with <a href="https://zscaler.com/">Zscaler&#39;s ThreatLabz</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-53741 Heap-based Buffer Overflow 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002752 https://www.microsoft.com/en-us/download/details.aspx?id=108313 5002740 10836 Maybe Security Update 16.0.10417.20034 https://support.microsoft.com/help/5002752 10836 5002752 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.100.25081015 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002758 https://www.microsoft.com/en-us/download/details.aspx?id=108322 5002749 10739 10740 Maybe Security Update 16.0.5513.1000 https://support.microsoft.com/help/5002758 10739 10740 5002758 <a href="https://www.linkedin.com/in/boolgombear/">boolgombear</a> & Jmini 1.0 2025-08-12T07:00:00 <p>Information published.</p> 2.0 2025-10-16T07:00:00 <p>Revised the packages to include Download Center ID for this vulnerability.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-53759 Use of Uninitialized Resource 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 5002752 https://www.microsoft.com/en-us/download/details.aspx?id=108313 5002740 10836 Maybe Security Update 16.0.10417.20034 https://support.microsoft.com/help/5002752 10836 5002752 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.100.25081015 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes Jmini and <a href="https://www.linkedin.com/in/boolgombear">boolgombear</a> Jmini and <a href="https://www.linkedin.com/in/boolgombear">boolgombear</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> 2.0 2025-10-16T07:00:00 <p>Revised the packages to include Download Center ID for this vulnerability.</p> Microsoft SharePoint Elevation of Privilege Vulnerability <p>Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view sensitive information, a token in this scenario (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain the privileges of the compromised user.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-53760 Server-Side Request Forgery (SSRF) 10950 11585 11961 Elevation of Privilege 10950 Elevation of Privilege 11585 Elevation of Privilege 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 10950 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11585 7.1 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11961 5002771 https://www.microsoft.com/en-us/download/details.aspx?id=108317 5002760 10950 Maybe Security Update 16.0.5513.1002 https://support.microsoft.com/help/5002771 10950 5002771 5002771 https://support.microsoft.com/help/5002771 10950 5002769 https://www.microsoft.com/en-us/download/details.aspx?id=108312 5002754 11585 Maybe Security Update 16.0.10417.20041 https://support.microsoft.com/help/5002769 11585 5002769 5002769 https://support.microsoft.com/help/5002769 11585 5002773 https://www.microsoft.com/en-us/download/details.aspx?id=108314 5002768 11961 Maybe Security Update 16.0.18526.20518 https://support.microsoft.com/help/5002773 11961 5002773 5002773 https://support.microsoft.com/help/5002773 11961 <a href="https://www.linkedin.com/in/pszafirowski/">Paweł Szafirowski (Proximus)</a> with <a href="https://saphir.berlin/">Saphir CyberSecurity</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> 1.1 2025-08-13T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> 2.0 2025-10-16T07:00:00 <p>Revised the packages to include Download Center ID for this vulnerability.</p> Microsoft PowerPoint Remote Code Execution Vulnerability <p>Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office PowerPoint Microsoft Yes CVE-2025-53761 Use After Free 11573 11574 11762 11763 11952 11953 12420 12421 10741 10742 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 10741 Remote Code Execution 10742 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Important 10741 Important 10742 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10741 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10742 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002765 https://www.microsoft.com/en-us/download/details.aspx?id=108315 5002746 10741 10742 Maybe Security Update 16.0.5513.1000 https://support.microsoft.com/help/5002765 10741 10742 5002765 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> 2.0 2025-10-16T07:00:00 <p>Revised the packages to include Download Center ID for this vulnerability.</p> Microsoft SQL Server Elevation of Privilege Vulnerability <p>Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with explicit permissions could exploit the vulnerability by logging in to the SQL server and could then elevate their privileges to sysadmin.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain sysadmin privileges.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Version</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5063814</td> <td>Security update for SQL Server 2022 CU20+GDR</td> <td>16.0.4210.1</td> <td>16.0.4003.1 - 16.0.4205.1</td> <td>KB 5059390 - SQL2022 RTM CU20</td> </tr> <tr> <td>5063756</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1145.1</td> <td>16.0.1000.6 - 16.0.1140.6</td> <td>KB 5058712 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5063757</td> <td>Security update for SQL Server 2019 CU32+GDR</td> <td>15.0.4440.1</td> <td>15.0.4003.23 - 15.0.4435.7</td> <td>KB 5058722 - Previous SQL2019 RTM CU32 GDR</td> </tr> <tr> <td>5063758</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2140.1</td> <td>15.0.2000.5 - 15.0.2135.5</td> <td>KB 5058713 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5063759</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3500.1</td> <td>14.0.3006.16 - 14.0.3495.9</td> <td>KB 5058714 - Previous SQL2017 RTM CU31 GDR</td> </tr> <tr> <td>5063760</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.2080.1</td> <td>14.0.1000.169 - 14.0.2075.8</td> <td>KB 5058716 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5063761</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7060.1</td> <td>13.0.7000.253 - 13.0.7055.9</td> <td>KB 5058717 - Previous SQL2016 Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5063762</td> <td>Security update for SQL Server 2016 SP3 RTM+GDR</td> <td>13.0.6465.1</td> <td>13.0.6300.2 - 13.0.6460.7</td> <td>KB 5058718 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2025-24999 Improper Access Control 11478 11821 12048 12053 12145 12147 16785 16793 Elevation of Privilege 11478 Elevation of Privilege 11821 Elevation of Privilege 12048 Elevation of Privilege 12053 Elevation of Privilege 12145 Elevation of Privilege 12147 Elevation of Privilege 16785 Elevation of Privilege 16793 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 16785 Important 16793 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16785 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16793 5063760 https://www.microsoft.com/en-us/download/details.aspx?id=108330 5058716 11478 Maybe Security Update 14.0.2080.1 https://support.microsoft.com/help/5063760 11478 5063760 5063758 https://www.microsoft.com/en-us/download/details.aspx?id=108327 5058713 11821 Maybe Security Update 15.0.2140.1 https://support.microsoft.com/help/5063758 11821 5063758 5063762 https://www.microsoft.com/en-us/download/details.aspx?id=108329 5058718 12048 Maybe Security Update 13.0.6465.1 https://support.microsoft.com/help/5063762 12048 5063762 5063761 https://www.microsoft.com/en-us/download/details.aspx?id=108328 5058717 12053 Maybe Security Update 13.0.7060.1 https://support.microsoft.com/help/5063761 12053 5063761 5063759 https://www.microsoft.com/en-us/download/details.aspx?id=108331 5058714 12145 Maybe Security Update 14.0.3500.1 https://support.microsoft.com/help/5063759 12145 5063759 5063756 https://www.microsoft.com/en-us/download/details.aspx?id=108325 5058712 12147 Maybe Security Update 16.0.1145.1 https://support.microsoft.com/help/5063756 12147 5063756 5063757 https://www.microsoft.com/en-us/download/details.aspx?id=108326 5058714 16785 Maybe Security Update 15.0.4440.1 https://support.microsoft.com/help/5063757 16785 5063757 5063814 https://www.microsoft.com/en-us/download/details.aspx?id=108324 5059390 16793 Maybe Security Update 16.0.4210.1 https://support.microsoft.com/help/5063814 16793 5063814 <a href="https://sa.linkedin.com/in/emad-al-mousa-6462aa24">Emad Al-Mousa</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Web Deploy Remote Code Execution Vulnerability <p>Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An authenticated attacker could exploit the vulnerability by sending a malicious http request to the web server.</p> Web Deploy Microsoft Yes CVE-2025-53772 Deserialization of Untrusted Data 16794 Remote Code Execution 16794 Important 16794 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16794 Release Notes https://www.microsoft.com/en-us/download/details.aspx?id=106070 16794 Maybe Security Update 10.0.2001 https://www.microsoft.com/en-us/download/details.aspx?id=106070 16794 Release Notes <a href="https://x.com/int20z">Batuhan Er</a> with <a href="https://hawktrace.com/">HawkTrace</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> GitHub Copilot and Visual Studio Remote Code Execution Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> GitHub Copilot and Visual Studio Microsoft Yes CVE-2025-53773 Improper Neutralization of Special Elements used in a Command ('Command Injection') 16767 Remote Code Execution 16767 Important 16767 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16767 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.14 16767 Maybe Security Update 17.14.12 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 16767 Release Notes <a href="https://twitter.com/wunderwuzzi23">Johann Rehberger</a> with https://embracethered.com/ <a href="https://x.com/marver">Markus Vervier</a> with <a href="https://persistent-security.net/">Persistent Security Industries GmbH</a> <a href="https://x.com/ari_maccarita">Ari Marzuk</a> with https://maccarita.com/ 1.0 2025-08-12T07:00:00 <p>Information published.</p> 1.1 2025-09-05T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> 1.2 2025-09-08T07:00:00 <p>Updated an acknowledgement. This is an informational change only.</p> Azure Virtual Machines Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Virtual Machines Microsoft No CVE-2025-53781 Exposure of Sensitive Information to an Unauthorized Actor 16796 16797 16798 16799 16804 16805 16806 16807 16808 16815 16814 Information Disclosure 16796 Information Disclosure 16797 Information Disclosure 16798 Information Disclosure 16799 Information Disclosure 16804 Information Disclosure 16805 Information Disclosure 16806 Information Disclosure 16807 Information Disclosure 16808 Information Disclosure 16815 Information Disclosure 16814 Critical 16796 Critical 16797 Critical 16798 Critical 16799 Critical 16804 Critical 16805 Critical 16806 Critical 16807 Critical 16808 Critical 16815 Critical 16814 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 16796 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 16797 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 16798 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 16799 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 16804 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 16805 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 16806 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 16807 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 16808 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 16815 7.7 6.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 16814 Microsoft Offensive Research &amp; Security Engineering 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability <p>On April 18th 2025, Microsoft announced <a href="https://techcommunity.microsoft.com/blog/exchange/exchange-server-security-changes-for-hybrid-deployments/4396833">Exchange Server Security Changes for Hybrid Deployments</a> and accompanying non-security <a href="https://techcommunity.microsoft.com/blog/exchange/released-april-2025-exchange-server-hotfix-updates/4402471">Hot Fix</a>. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability within the organization’s cloud environment?</strong></p> <p>In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace. This risk arises because Exchange Server and Exchange Online share the same service principal in hybrid configurations.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this scenario, successfully exploiting the vulnerability could enable an attacker to escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable traces.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to first gain or possess administrator access on an Exchange Server.</p> <p><strong>Microsoft Exchange Server Subscription Edition RTM didn't exist in April when the hot fix was released. Why is it listed in the Security Updates Table?</strong></p> <p>Support for the dedicated Exchange hybrid app feature is already part of the initial release of the Exchange Server SE version. If you have already migrated to the newest version you already have this level of protection from the vulnerability. All you need to do is to follow the steps as outlined in the documentation to enable the feature and clear the certificates from the shared service principals keyCredentials.</p> <p><strong>Is there new information that I should be aware of?</strong></p> <p>Yes, please see this blog post for more information: <a href="https://techcommunity.microsoft.com/blog/vulnerability-management/mdvm-guidance-for-cve-2025-53786-exchange-hybrid-privilege-escalation/4442337">MDVM Guidance for CVE-2025-53786: Exchange Hybrid Privilege Escalation</a></p> <p><strong>What steps do I need to take to better protect my hybrid environment?</strong></p> <ol> <li><p>If you're using Exchange hybrid, install the <a href="https://techcommunity.microsoft.com/blog/exchange/released-april-2025-exchange-server-hotfix-updates/4402471">Hot Fix</a> (or newer release) on your on-premises Exchange servers and follow the configuration instructions outlined in <a href="https://aka.ms/ConfigureExchangeHybridApplication-Docs">Deploy dedicated Exchange hybrid app</a>. For additional details, refer to <a href="https://techcommunity.microsoft.com/blog/exchange/exchange-server-security-changes-for-hybrid-deployments/4396833">Exchange Server Security Changes for Hybrid Deployments</a>. After completing the steps, be sure to <a href="https://aka.ms/ConfigureExchangeHybridApplication-Docs#service-principal-clean-up-mode">reset the service principal's keyCredentials</a>.</p> </li> <li><p>If you’ve previously configured Exchange hybrid or <a href="https://learn.microsoft.com/exchange/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help">OAuth authentication between Exchange Server and your Exchange Online organization</a> but no longer use it, make sure to <a href="https://aka.ms/ConfigureExchangeHybridApplication-Docs#service-principal-clean-up-mode">reset the service principal's keyCredentials</a>.</p> </li> </ol> Microsoft Exchange Server Microsoft Yes CVE-2025-53786 Improper Authentication 16792 12502 12039 12293 Elevation of Privilege 16792 Elevation of Privilege 12502 Elevation of Privilege 12039 Elevation of Privilege 12293 Important 16792 Important 12502 Important 12039 Important 12293 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 16792 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12502 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 8.0 7.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12293 5047155 https://www.microsoft.com/download/details.aspx?id=108244 16792 Yes Security Update 15.02.2562.017 http://support.microsoft.com/kb/5047155 16792 5047155 5050672 https://www.microsoft.com/en-us/download/details.aspx?id=108144 12502 Maybe Security Update 15.02.1748.024 http://support.microsoft.com/kb/KB5050672 12502 5050672 5050672 http://support.microsoft.com/kb/KB5050672 12502 5050674 https://www.microsoft.com/en-us/download/details.aspx?id=108147 12039 Maybe Security Update 15.01.2507.055 http://support.microsoft.com/kb/KB5050674 12039 5050674 5050674 http://support.microsoft.com/kb/KB5050674 12039 5050673 https://www.microsoft.com/en-us/download/details.aspx?id=108146 12293 Maybe Security Update 15.02.1544.025 http://support.microsoft.com/kb/KB5050673 12293 5050673 5050673 http://support.microsoft.com/kb/KB5050673 12293 <a href="https://twitter.com/_dirkjan">Dirk-jan Mollema</a> with <a href="https://outsidersecurity.nl/">Outsider Security</a> <a href="https://twitter.com/_dirkjan">Dirk-jan Mollema</a> with <a href="https://outsidersecurity.nl/">Outsider Security</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> 1.1 2025-08-13T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> Chromium: CVE-2025-8582 Insufficient validation of untrusted input in DOM <p>Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.86</td> <td>8/07/2025</td> <td>139.0.7258.66/67</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8582 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.86 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-07T18:31:19 <p>Information published.</p> Chromium: CVE-2025-8581 Inappropriate implementation in Extensions <p>Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.86</td> <td>8/07/2025</td> <td>139.0.7258.66/67</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8581 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.86 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-07T18:31:18 <p>Information published.</p> Chromium: CVE-2025-8580 Inappropriate implementation in Filesystems <p>Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.86</td> <td>8/07/2025</td> <td>139.0.7258.66/67</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8580 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.86 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-07T18:31:17 <p>Information published.</p> Chromium: CVE-2025-8578 Use after free in Cast <p>Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.86</td> <td>8/07/2025</td> <td>139.0.7258.66/67</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8578 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.86 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-07T18:31:15 <p>Information published.</p> Chromium: CVE-2025-8576 Use after free in Extensions <p>Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.86</td> <td>8/07/2025</td> <td>139.0.7258.66/67</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8576 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.86 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-07T18:31:09 <p>Information published.</p> Chromium: CVE-2025-8882 Use after free in Aura <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.102</td> <td>8/15/2025</td> <td>139.0.7258.127/.128</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8882 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.102 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-15T07:00:46 <p>Information published.</p> Chromium: CVE-2025-8881 Inappropriate implementation in File Picker <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.102</td> <td>8/15/2025</td> <td>139.0.7258.127/.128</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8881 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.102 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-15T07:00:45 <p>Information published.</p> Chromium: CVE-2025-8901 Out of bounds write in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.102</td> <td>8/15/2025</td> <td>139.0.7258.127/.128</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8901 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.102 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-15T07:00:44 <p>Information published.</p> Chromium: CVE-2025-8880 Race in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.102</td> <td>8/15/2025</td> <td>139.0.7258.127/.128</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8880 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.102 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-15T07:00:44 <p>Information published.</p> Chromium: CVE-2025-8879 Heap buffer overflow in libaom <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.102</td> <td>8/15/2025</td> <td>139.0.7258.127/.128</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8879 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.102 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-15T07:00:40 <p>Information published.</p> Azure Databricks Elevation of Privilege Vulnerability <p>Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Databricks Microsoft No CVE-2025-53763 Improper Access Control 17083 Elevation of Privilege 17083 Critical 17083 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 17083 <a href="https://twitter.com/stargravy">Evan Grant</a> 1.0 2025-08-21T07:00:00 <p>Information published.</p> Microsoft PC Manager Elevation of Privilege Vulnerability <p>Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft PC Manager Microsoft No CVE-2025-53795 Improper Authorization 12441 Elevation of Privilege 12441 Critical 12441 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12441 Adri Bonilla Martin (k0x) 1.0 2025-08-21T07:00:00 <p>Information published.</p> Windows MBT Transport Driver Elevation of Privilege Vulnerability <p>Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows MBT Transport driver Microsoft Yes CVE-2025-55230 Untrusted Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12086 12243 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12085 12086 12243 5062552 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 12097 12098 12099 Yes Security Update 10.0.19045.6093 https://support.microsoft.com/help/5062554 12097 12098 12099 5062554 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12242 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12242 5062552 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-08-21T07:00:00 <p>Information published. This CVE was addressed by updates that were released in July 2025, but the CVE was inadvertently omitted from the July 2025 Security Updates. This is an informational change only. Customers who have already installed the July 2025 updates do not need to take any further action.</p> 2.0 2025-08-26T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> Microsoft Exchange Server Tampering Vulnerability <p>Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.</p> Microsoft Exchange Server Microsoft Yes CVE-2025-25005 Improper Input Validation 12293 12039 12502 16792 Tampering 12293 Tampering 12039 Tampering 12502 Tampering 16792 Important 12293 Important 12039 Important 12502 Important 16792 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12293 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12039 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12502 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16792 5063222 https://www.microsoft.com/en-us/download/details.aspx?id=108336 5049233 12293 Yes Security Update 15.02.1544.033 https://support.microsoft.com/help/5063222 12293 5063222 5063223 https://www.microsoft.com/en-us/download/details.aspx?id=108333 5049233 12039 Yes Security Update 15.01.2507.058 https://support.microsoft.com/help/5063223 12039 5063223 5063221 https://www.microsoft.com/en-us/download/details.aspx?id=108334 5049233 12502 Yes Security Update 15.02.1748.036 https://support.microsoft.com/help/5063221 12502 5063221 5063224 https://www.microsoft.com/en-us/download/details.aspx?id=108335 16792 Yes Security Update 15.02.2562.020 https://support.microsoft.com/help/5063224 16792 5063224 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Exchange Server Spoofing Vulnerability <p>Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker could spoof incorrect <strong>5322.From</strong> email address that is displayed to a user.</p> Microsoft Exchange Server Microsoft Yes CVE-2025-25006 Improper Handling of Additional Special Element 12502 12039 12293 16792 Spoofing 12502 Spoofing 12039 Spoofing 12293 Spoofing 16792 Important 12502 Important 12039 Important 12293 Important 16792 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12502 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12039 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12293 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 16792 5063221 https://www.microsoft.com/en-us/download/details.aspx?id=108334 5049233 12502 Yes Security Update 15.02.1748.036 https://support.microsoft.com/help/5063221 12502 5063221 5063223 https://www.microsoft.com/en-us/download/details.aspx?id=108333 5049233 12039 Yes Security Update 15.01.2507.058 https://support.microsoft.com/help/5063223 12039 5063223 5063222 https://www.microsoft.com/en-us/download/details.aspx?id=108336 5049233 12293 Yes Security Update 15.02.1544.033 https://support.microsoft.com/help/5063222 12293 5063222 5063224 https://www.microsoft.com/en-us/download/details.aspx?id=108335 16792 Yes Security Update 15.02.2562.020 https://support.microsoft.com/help/5063224 16792 5063224 <a href="https://www.linkedin.com/in/anna-breeva-51476b163/">Anna Breeva</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Exchange Server Spoofing Vulnerability <p>Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker could spoof incorrect <strong>5322.From</strong> email address that is displayed to a user.</p> Microsoft Exchange Server Microsoft Yes CVE-2025-25007 Improper Validation of Syntactic Correctness of Input 16792 12039 12293 12502 Spoofing 16792 Spoofing 12039 Spoofing 12293 Spoofing 12502 Important 16792 Important 12039 Important 12293 Important 12502 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 16792 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12039 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12293 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12502 5063224 https://www.microsoft.com/en-us/download/details.aspx?id=108335 16792 Yes Security Update 15.02.2562.020 https://support.microsoft.com/help/5063224 16792 5063224 5063223 https://www.microsoft.com/en-us/download/details.aspx?id=108333 5049233 12039 Yes Security Update 15.01.2507.058 https://support.microsoft.com/help/5063223 12039 5063223 5063222 https://www.microsoft.com/en-us/download/details.aspx?id=108336 5049233 12293 Yes Security Update 15.02.1544.033 https://support.microsoft.com/help/5063222 12293 5063222 5063221 https://www.microsoft.com/en-us/download/details.aspx?id=108334 5049233 12502 Yes Security Update 15.02.1748.036 https://support.microsoft.com/help/5063221 12502 5063221 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-49743 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-49757 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062624 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062624 5061026 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23418 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062624 5062624 https://support.microsoft.com/help/5062624 9312 10287 9318 9344 5062618 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062618 9312 10287 9318 9344 Yes Security Only 6.0.6003.23418 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062618 5062618 https://support.microsoft.com/help/5062618 9312 10287 9318 9344 5062632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062632 5061078 10051 10049 Yes Monthly Rollup 6.1.7601.27820 https://support.microsoft.com/help/5062632 10051 10049 5062632 5062619 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062619 10051 10049 Yes Security Only 6.1.7601.27820 https://support.microsoft.com/help/5062619 10051 10049 5062619 5062592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062592 5061059 10378 10379 Yes Monthly Rollup 6.2.9200.25573 https://support.microsoft.com/help/5062592 10378 10379 5062592 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published. This CVE was addressed by updates that were released in July 2025, but the CVE was inadvertently omitted from the July 2025 Security Updates. This is an informational change only. Customers who have already installed the July 2025 updates do not need to take any further action.</p> Microsoft SQL Server Elevation of Privilege Vulnerability <p>Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could inject arbitrary T-SQL commands by crafting a malicious database name.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Version</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5063814</td> <td>Security update for SQL Server 2022 CU20+GDR</td> <td>16.0.4210.1</td> <td>16.0.4003.1 - 16.0.4205.1</td> <td>KB 5059390 - SQL2022 RTM CU20</td> </tr> <tr> <td>5063756</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1145.1</td> <td>16.0.1000.6 - 16.0.1140.6</td> <td>KB 5058712 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5063757</td> <td>Security update for SQL Server 2019 CU32+GDR</td> <td>15.0.4440.1</td> <td>15.0.4003.23 - 15.0.4435.7</td> <td>KB 5058722 - Previous SQL2019 RTM CU32 GDR</td> </tr> <tr> <td>5063758</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2140.1</td> <td>15.0.2000.5 - 15.0.2135.5</td> <td>KB 5058713 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5063759</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3500.1</td> <td>14.0.3006.16 - 14.0.3495.9</td> <td>KB 5058714 - Previous SQL2017 RTM CU31 GDR</td> </tr> <tr> <td>5063760</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.2080.1</td> <td>14.0.1000.169 - 14.0.2075.8</td> <td>KB 5058716 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5063761</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7060.1</td> <td>13.0.7000.253 - 13.0.7055.9</td> <td>KB 5058717 - Previous SQL2016 Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5063762</td> <td>Security update for SQL Server 2016 SP3 RTM+GDR</td> <td>13.0.6465.1</td> <td>13.0.6300.2 - 13.0.6460.7</td> <td>KB 5058718 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2025-49759 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 11478 11821 12048 12053 12145 12147 16793 16785 Elevation of Privilege 11478 Elevation of Privilege 11821 Elevation of Privilege 12048 Elevation of Privilege 12053 Elevation of Privilege 12145 Elevation of Privilege 12147 Elevation of Privilege 16793 Elevation of Privilege 16785 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 16793 Important 16785 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16793 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16785 5063760 https://www.microsoft.com/en-us/download/details.aspx?id=108330 5058716 11478 Maybe Security Update 14.0.2080.1 https://support.microsoft.com/help/5063760 11478 5063760 5063758 https://www.microsoft.com/en-us/download/details.aspx?id=108327 5058713 11821 Maybe Security Update 15.0.2140.1 https://support.microsoft.com/help/5063758 11821 5063758 5063762 https://www.microsoft.com/en-us/download/details.aspx?id=108329 5058718 12048 Maybe Security Update 13.0.6465.1 https://support.microsoft.com/help/5063762 12048 5063762 5063761 https://www.microsoft.com/en-us/download/details.aspx?id=108328 5058717 12053 Maybe Security Update 13.0.7060.1 https://support.microsoft.com/help/5063761 12053 5063761 5063759 https://www.microsoft.com/en-us/download/details.aspx?id=108331 5058714 12145 Maybe Security Update 14.0.3500.1 https://support.microsoft.com/help/5063759 12145 5063759 5063756 https://www.microsoft.com/en-us/download/details.aspx?id=108325 5058712 12147 Maybe Security Update 16.0.1145.1 https://support.microsoft.com/help/5063756 12147 5063756 5063814 https://www.microsoft.com/en-us/download/details.aspx?id=108324 5059390 16793 Maybe Security Update 16.0.4210.1 https://support.microsoft.com/help/5063814 16793 5063814 5063757 https://www.microsoft.com/en-us/download/details.aspx?id=108326 5058714 16785 Maybe Security Update 15.0.4440.1 https://support.microsoft.com/help/5063757 16785 5063757 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel Microsoft Yes CVE-2025-49761 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2025-49762 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Desktop Window Manager Elevation of Privilege Vulnerability <p>Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could an attacker gain with successful exploitation?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process.</p> <p>This could lead to further system compromise and unauthorized actions within the network.</p> Desktop Window Manager Microsoft Yes CVE-2025-50153 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Varun Goel 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Windows File Explorer Spoofing Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user would need to be tricked into opening a folder that contains a specially crafted file.</p> Windows File Explorer Microsoft Yes CVE-2025-50154 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 12389 Spoofing 12390 Spoofing 12436 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 9312 Spoofing 10287 Spoofing 9318 Spoofing 9344 Spoofing 10051 Spoofing 10049 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Lucas Miller of Trend Research <a href="https://linkedin.com/in/ruben-en">Ruben Enkaoua</a> with <a href="https://cymulate.com/">Cymulate</a> 1.1 2025-09-17T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.0 2025-08-12T07:00:00 <p>Information published.</p> 1.2 2025-10-16T07:00:00 <p>Updated an acknowledgement. This is an informational change only.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-50156 Use of Uninitialized Resource 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12436 5064010 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows NTFS Information Disclosure Vulnerability <p>Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.</p> Windows NTFS Microsoft Yes CVE-2025-50158 Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11568 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11569 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11571 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11572 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11923 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11924 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11929 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11930 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11931 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12085 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12086 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12097 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12098 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12099 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12437 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12242 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12243 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12244 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12389 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12390 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12436 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.0 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability <p>Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>An administrative user must be convinced to open a malicious COM object like an .rtf file.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Remote Access Point-to-Point Protocol (PPP) EAP-TLS Microsoft Yes CVE-2025-50159 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://www.linkedin.com/in/halrubaye/">Hussein Aurbyae</a> with Microsoft 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-50160 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12436 5064010 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K - GRFX Microsoft Yes CVE-2025-50161 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Arnaud Lubin 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-50162 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12436 5064010 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-50163 Heap-based Buffer Overflow Out-of-bounds Read 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12436 5064010 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-50164 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12436 5064010 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Graphics Component Remote Code Execution Vulnerability <p>Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, attack vector is (AV:N) and user interaction is none (UI:N). What does that mean for this vulnerability?</strong></p> <p>This can happen without user intervention. An attacker can use an uninitialized function pointer being called when decoding a JPEG image. This can be embedded in Office and 3rd party documents/files</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-50165 Untrusted Pointer Dereference Use of Uninitialized Resource 12437 12389 12390 12436 Remote Code Execution 12437 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Critical 12437 Critical 12389 Critical 12390 Critical 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 <a href="https://www.linkedin.com/in/4n0nym4u5/">4n0nym4u5</a> with <a href="https://www.zscaler.com/">Zscaler</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability <p>Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> Windows Distributed Transaction Coordinator Microsoft Yes CVE-2025-50166 Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Role: Windows Hyper-V Microsoft Yes CVE-2025-50167 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11569 11571 11572 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 10735 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10735 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12085 Important 12086 Important 12097 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10735 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10853 10816 10855 5063871 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Chen Le Qi (<a href=https://x.com/cplearns2h4ck>@cplearns2h4ck</a>) of STAR Labs SG Pte. Ltd. (<a href=https://x.com/starlabs_sg>@starlabs_sg</a>) with Trend Zero Day Initiative Chen Le Qi (<a href=https://x.com/cplearns2h4ck>@cplearns2h4ck</a>) of STAR Labs SG Pte. Ltd. (<a href=https://x.com/starlabs_sg>@starlabs_sg</a>) with Trend Zero Day Initiative 1.0 2025-08-12T07:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K - ICOMP Microsoft Yes CVE-2025-50168 Access of Resource Using Incompatible Type ('Type Confusion') Heap-based Buffer Overflow 12085 12086 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 Hyeonjin Choi (@d4m0n_8) of Out Of Bounds with Trend Zero Day Initiative 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows SMB Remote Code Execution Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> Windows SMB Microsoft Yes CVE-2025-50169 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Double Free 12437 12389 12390 12436 Remote Code Execution 12437 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p>Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2025-50170 Improper Handling of Insufficient Permissions or Privileges 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 <a href="https://x.com/cplearns2h4ck">Chen Le Qi (@cplearns2h4ck)</a> with <a href="https://starlabs.sg/">STAR Labs SG Pte. Ltd.</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Remote Desktop Spoofing Vulnerability <p>Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.</p> Remote Desktop Server Microsoft Yes CVE-2025-50171 Missing Authorization 11923 11924 11929 11930 11931 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 12389 Spoofing 12390 Spoofing 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12244 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 Philemon Orphee Favrod with Microsoft Ray Reskusich with Microsoft 1.0 2025-08-12T07:00:00 <p>Information published.</p> DirectX Graphics Kernel Denial of Service Vulnerability <p>Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.</p> Windows DirectX Microsoft Yes CVE-2025-50172 Allocation of Resources Without Limits or Throttling 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 cyanbamboo and b2ahex 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Installer Elevation of Privilege Vulnerability <p>Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Installer Microsoft Yes CVE-2025-50173 Weak Authentication 20468 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 20468 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 20468 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20468 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 Release Notes https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-multimedia-redirection 20468 Maybe Security Update 1.0.2507.21006 https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-multimedia-redirection 20468 Release Notes 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://de.linkedin.com/in/shadi-habbal">Shadi Habbal</a> with <a href="https://www.tuv.com/informationsecurity">T&#220;V Rheinland i-sec GmbH</a> <a href="https://infosec.exchange/@jagotu">JaGoTu</a> with <a href="https://www.dcit.cz/">DCIT, a.s.</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> 2.0 2025-10-14T07:00:00 <p>In the Security Update table, added Multimedia Redirection Installer as it is also affected by this vulnerability. Microsoft recommends that customers using Multimedia Redirection Installer install the update to be fully protected from the vulnerability.</p> DirectX Graphics Kernel Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Graphics Kernel Microsoft Yes CVE-2025-50176 Access of Resource Using Incompatible Type ('Type Confusion') Heap-based Buffer Overflow 11923 11924 12085 12086 12437 12242 12243 12244 12389 12390 12436 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Critical 11923 Critical 11924 Critical 12085 Critical 12086 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 b2ahex cyanbamboo 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p>Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would need to send a series of specially crafted MSMQ packets in a rapid sequence over HTTP to a MSMQ server.</p> <p>This could result in remote code execution on the server side.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> Windows Message Queuing Microsoft Yes CVE-2025-50177 Use After Free Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Media Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a user to open a specially crafted file from the attacker to initiate remote code execution.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user.</p> Windows Media Microsoft Yes CVE-2025-53131 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 Kai Lu of Palo Alto Networks 1.0 2025-08-12T07:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K - GRFX Microsoft Yes CVE-2025-53132 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 goodbyeselene with Trend Zero Day Initiative goodbyeselene with Trend Zero Day Initiative Anonymous goodbyeselene with Trend Zero Day Initiative 2.0 2025-09-30T07:00:00 <p>Updated information to include CVSS scores. This is an informational change only.</p> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability <p>Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> Windows PrintWorkflowUserSvc Microsoft Yes CVE-2025-53133 Use After Free 12437 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 <a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a> <a href="https://linkedin.com/in/kdj-abysslab">Dongjun Kim (smlijun)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a> <a href="https://www.linkedin.com/in/seongheunh/">Seongheun Hong (seongheunh)</a> with <a href="https://security.ajou.ac.kr/security/index.do">Ajou University</a> Pwnforr777 Hwiwon Lee (hwiwonl), SEC-agent&#160;team Taewoo (Tae_ω02) 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2025-53134 Time-of-check Time-of-use (TOCTOU) Race Condition Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> DirectX Graphics Kernel Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DirectX Microsoft Yes CVE-2025-53135 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 cyanbamboo and b2ahex 1.0 2025-08-12T07:00:00 <p>Information published.</p> NT OS Kernel Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Windows NT OS Kernel Microsoft Yes CVE-2025-53136 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://twitter.com/tykawaii98">Bùi Quang Hiếu (@tykawaii98)</a> with <a href="https://www.crowdfense.com/">Crowdfense</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2025-53137 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-53138 Use of Uninitialized Resource 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12436 5064010 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Kernel Transaction Manager Elevation of Privilege Vulnerability <p>Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Kernel Transaction Manager Microsoft Yes CVE-2025-53140 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2025-53141 NULL Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Marat Gayanov with Positive Technologies 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Brokering File System Elevation of Privilege Vulnerability <p>Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Brokering File System Microsoft Yes CVE-2025-53142 Use After Free 12085 12086 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12085 Important 12086 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 ChenJian with <a href="https://www.sea.com/security">Sea Security Orca Team</a> hazard hazard 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an authenticated attacker would need to send a specially crafted MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.</p> Windows Message Queuing Microsoft Yes CVE-2025-53143 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an authenticated attacker would need to send a specially crafted MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.</p> Windows Message Queuing Microsoft Yes CVE-2025-53144 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>To exploit this vulnerability, an authenticated attacker would need to send a specially crafted MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.</p> Windows Message Queuing Microsoft Yes CVE-2025-53145 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2025-53147 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-53148 Use of Uninitialized Resource 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12436 5064010 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Kernel Streaming WOW Thunk Service Driver Microsoft Yes CVE-2025-53149 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://www.linkedin.com/in/aleksandr-koshelev-30b34b171/">Aleksandr Koshelev</a> from <a href="https://www.crowdfense.com/">Crowdfense</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p>Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> Windows Kernel Microsoft Yes CVE-2025-53151 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 hazard 1.0 2025-08-12T07:00:00 <p>Information published.</p> Desktop Windows Manager Remote Code Execution Vulnerability <p>Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word &quot;Remote&quot; in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to create a window and intentionally cause it to hang. This could be used to exploit the GhostWindow object use-after-free (UAF) vulnerability in the DWM process on the victim's system.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to have obtained low privileged code execution on target host first.</p> Desktop Window Manager Microsoft Yes CVE-2025-53152 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Varun Goel 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-53153 Use of Uninitialized Resource 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12436 5064010 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2025-53154 NULL Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://x.com/dungnm_">dungnm</a> with <a href="https://x.com/vcslab">Viettel Cyber Security</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could create a crafted vhdx file and can call the vhdmp api with vhdx as one of the arguments.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Role: Windows Hyper-V Microsoft Yes CVE-2025-53155 Heap-based Buffer Overflow 11569 11571 11572 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 10735 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10735 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12085 Important 12086 Important 12097 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10735 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10853 10816 10855 5063871 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Do Manh Dung & Nguyen Dang Nguyen of STAR Labs SG Pte. Ltd. (<a href=https://x.com/starlabs_sg>@starlabs_sg</a>) working with Trend Zero Day Initiative Do Manh Dung & Nguyen Dang Nguyen of STAR Labs SG Pte. Ltd. (<a href=https://x.com/starlabs_sg>@starlabs_sg</a>) working with Trend Zero Day Initiative 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Storage Port Driver Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Storage Port Driver allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p> Storage Port Driver Microsoft Yes CVE-2025-53156 Exposure of Sensitive Information to an Unauthorized Actor 12437 12244 12389 12390 12436 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Important 12437 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 Anonymous DEVCORE - Angelboy (@scwuaptx) from DEVCORE Research Team with Trend Zero Day Initiative 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability <p>Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.</p> Windows Local Security Authority Subsystem Service (LSASS) Microsoft Yes CVE-2025-53716 NULL Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p>Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2025-53718 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://x.com/dungnm_">dungnm</a> with <a href="https://x.com/vcslab">Viettel Cyber Security</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-53719 Use of Uninitialized Resource 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12436 5064010 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an authorized attacker on the domain to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-53720 Heap-based Buffer Overflow 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12244 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12436 5064010 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Connected Devices Platform Service Elevation of Privilege Vulnerability <p>Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.</p> Windows Connected Devices Platform Service Microsoft Yes CVE-2025-53721 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com/">Hillstone Network Security Research Institute</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Remote Desktop Services Denial of Service Vulnerability <p>Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.</p> Windows Remote Desktop Services Microsoft Yes CVE-2025-53722 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12437 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://bsky.app/profile/hexnomad.bsky.social">Erik Egsgard</a> with <a href="https://fieldeffect.com/">Field Effect</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p>Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system.</p> Role: Windows Hyper-V Microsoft Yes CVE-2025-53723 Numeric Truncation Error Heap-based Buffer Overflow 11569 11571 11572 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 10735 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10735 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12085 Important 12086 Important 12097 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10735 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10853 10816 10855 5063871 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Chen Le Qi (<a href=https://x.com/cplearns2h4ck>@cplearns2h4ck</a>) of STAR Labs SG Pte. Ltd. (<a href=https://x.com/starlabs_sg>@starlabs_sg</a>) with Trend Zero Day Initiative pwnky 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Push Notifications Apps Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level.</p> <p>Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p> Windows Push Notifications Microsoft Yes CVE-2025-53724 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Push Notifications Apps Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level.</p> <p>Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p> Windows Push Notifications Microsoft Yes CVE-2025-53725 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Push Notifications Apps Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level.</p> <p>Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p> Windows Push Notifications Microsoft Yes CVE-2025-53726 Access of Resource Using Incompatible Type ('Type Confusion') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker, and navigate to a malicious site where malicious code would execute a series of specially crafted queries.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.</p> Microsoft Dynamics 365 (on-premises) Microsoft Yes CVE-2025-53728 Exposure of Sensitive Information to an Unauthorized Actor 11921 Information Disclosure 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11921 5064483 https://www.microsoft.com/en-us/download/details.aspx?id=108332 11921 Maybe Security Update 9.1.39 https://support.microsoft.com/help/5064483 11921 5064483 Ha Anh Hoang with <a href="https://viettelcybersecurity.com/">Viettel Cyber Security</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft SQL Server Elevation of Privilege Vulnerability <p>Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could use the unsanitized parameter into a SQL query to trigger SQL Injection.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain sysadmin privileges.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Version</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5063814</td> <td>Security update for SQL Server 2022 CU20+GDR</td> <td>16.0.4210.1</td> <td>16.0.4003.1 - 16.0.4205.1</td> <td>KB 5059390 - SQL2022 RTM CU20</td> </tr> <tr> <td>5063756</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1145.1</td> <td>16.0.1000.6 - 16.0.1140.6</td> <td>KB 5058712 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5063757</td> <td>Security update for SQL Server 2019 CU32+GDR</td> <td>15.0.4440.1</td> <td>15.0.4003.23 - 15.0.4435.7</td> <td>KB 5058722 - Previous SQL2019 RTM CU32 GDR</td> </tr> <tr> <td>5063758</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2140.1</td> <td>15.0.2000.5 - 15.0.2135.5</td> <td>KB 5058713 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5063759</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3500.1</td> <td>14.0.3006.16 - 14.0.3495.9</td> <td>KB 5058714 - Previous SQL2017 RTM CU31 GDR</td> </tr> <tr> <td>5063760</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.2080.1</td> <td>14.0.1000.169 - 14.0.2075.8</td> <td>KB 5058716 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5063761</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7060.1</td> <td>13.0.7000.253 - 13.0.7055.9</td> <td>KB 5058717 - Previous SQL2016 Azure Connect Feature Pack GDR</td> </tr> <tr> <td>5063762</td> <td>Security update for SQL Server 2016 SP3 RTM+GDR</td> <td>13.0.6465.1</td> <td>13.0.6300.2 - 13.0.6460.7</td> <td>KB 5058718 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2025-47954 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 12147 16793 Elevation of Privilege 12147 Elevation of Privilege 16793 Important 12147 Important 16793 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16793 5063756 https://www.microsoft.com/en-us/download/details.aspx?id=108325 5058712 12147 Maybe Security Update 16.0.1145.1 https://support.microsoft.com/help/5063756 12147 5063756 5063814 https://www.microsoft.com/en-us/download/details.aspx?id=108324 5059390 16793 Maybe Security Update 16.0.4210.1 https://support.microsoft.com/help/5063814 16793 5063814 <a href="https://www.linkedin.com/in/fabianoamorim/">Fabiano Amorim</a> with <a href="https://pythian.com/">Pythian</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Microsoft Office Microsoft Yes CVE-2025-53731 Use After Free 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.100.25081015 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002756 https://www.microsoft.com/en-us/download/details.aspx?id=108321 5002742 10753 10754 Maybe Security Update 16.0.5513.1000 https://support.microsoft.com/help/5002756 10753 10754 5002756 0x140ce[LLMole] 1.0 2025-08-12T07:00:00 <p>Information published.</p> 2.0 2025-10-16T07:00:00 <p>Revised the packages to include Download Center ID for this vulnerability.</p> Microsoft Office Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Microsoft Office Microsoft Yes CVE-2025-53732 Heap-based Buffer Overflow 12155 12156 Remote Code Execution 12155 Remote Code Execution 12156 Important 12155 Important 12156 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12156 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.19127.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes Release Notes https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12156 Maybe Security Update 16.0.14326.22618 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12156 Release Notes Arnaud Lubin 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Word Microsoft Yes CVE-2025-53733 Incorrect Conversion between Numeric Types 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10746 10747 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Critical 10950 Critical 11585 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10746 Critical 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 5002771 https://www.microsoft.com/en-us/download/details.aspx?id=108317 5002760 10950 Maybe Security Update 16.0.5513.1002 https://support.microsoft.com/help/5002771 10950 5002771 5002771 https://support.microsoft.com/help/5002771 10950 5002772 https://www.microsoft.com/en-us/download/details.aspx?id=108319 5002759 10950 Maybe Security Update 16.0.5513.1002 https://support.microsoft.com/help/5002772 10950 5002772 5002769 https://www.microsoft.com/en-us/download/details.aspx?id=108312 5002754 11585 Maybe Security Update 16.0.10417.20041 https://support.microsoft.com/help/5002769 11585 5002769 5002769 https://support.microsoft.com/help/5002769 11585 5002770 https://www.microsoft.com/en-us/download/details.aspx?id=108320 5002753 11585 Maybe Security Update 16.0.10417.20041 https://support.microsoft.com/help/5002770 11585 5002770 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.100.25081015 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002763 https://www.microsoft.com/en-us/download/details.aspx?id=108318 5002745 10746 10747 Maybe Security Update 16.0.5513.1000 https://support.microsoft.com/help/5002763 10746 10747 5002763 cdbb6164ddfda2b210fd348442322115 1.0 2025-08-12T07:00:00 <p>Information published.</p> 2.0 2025-10-16T07:00:00 <p>Revised the packages to include Download Center ID for this vulnerability.</p> Microsoft Office Visio Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user would need to be tricked into opening a malicious file in Visio.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Microsoft Office Visio Microsoft Yes CVE-2025-53734 Use After Free 11573 11574 11762 11763 11952 11953 12420 12421 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run <a href="https://x.com/c0d3nh4ck">c0d3nh4ck</a> with <a href="https://zscaler.com/">Zscaler&#39;s ThreatLabz</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Microsoft Office Excel Microsoft Yes CVE-2025-53735 Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002752 https://www.microsoft.com/en-us/download/details.aspx?id=108313 5002740 10836 Maybe Security Update 16.0.10417.20034 https://support.microsoft.com/help/5002752 10836 5002752 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.100.25081015 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002758 https://www.microsoft.com/en-us/download/details.aspx?id=108322 5002749 10739 10740 Maybe Security Update 16.0.5513.1000 https://support.microsoft.com/help/5002758 10739 10740 5002758 <a href="https://twitter.com/edwardzpeng">wh1tc &amp; Zhiniang Peng</a> with HUST 2.0 2025-10-16T07:00:00 <p>Revised the packages to include Download Center ID for this vulnerability.</p> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Word Information Disclosure Vulnerability <p>Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Word Microsoft Yes CVE-2025-53736 Buffer Over-read 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10746 10747 Information Disclosure 10950 Information Disclosure 11585 Information Disclosure 11573 Information Disclosure 11574 Information Disclosure 11762 Information Disclosure 11763 Information Disclosure 11951 Information Disclosure 11952 Information Disclosure 11953 Information Disclosure 12420 Information Disclosure 12421 Information Disclosure 12440 Information Disclosure 10746 Information Disclosure 10747 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 10950 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11585 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11573 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11574 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11762 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11763 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11951 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11952 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 11953 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 12420 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 12421 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 12440 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 10746 6.8 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C 10747 5002771 https://www.microsoft.com/en-us/download/details.aspx?id=108317 5002760 10950 Maybe Security Update 16.0.5513.1002 https://support.microsoft.com/help/5002771 10950 5002771 5002771 https://support.microsoft.com/help/5002771 10950 5002772 https://www.microsoft.com/en-us/download/details.aspx?id=108319 5002759 10950 Maybe Security Update 16.0.5513.1002 https://support.microsoft.com/help/5002772 10950 5002772 5002769 https://www.microsoft.com/en-us/download/details.aspx?id=108312 5002754 11585 Maybe Security Update 16.0.10417.20041 https://support.microsoft.com/help/5002769 11585 5002769 5002769 https://support.microsoft.com/help/5002769 11585 5002770 https://www.microsoft.com/en-us/download/details.aspx?id=108320 5002753 11585 Maybe Security Update 16.0.10417.20041 https://support.microsoft.com/help/5002770 11585 5002770 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.100.25081015 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002763 https://www.microsoft.com/en-us/download/details.aspx?id=108318 5002745 10746 10747 Maybe Security Update 16.0.5513.1000 https://support.microsoft.com/help/5002763 10746 10747 5002763 <a href="https://twitter.com/edwardzpeng">wh1tc in Kunlun lab, devoke, Zhiniang Peng</a> with HUST <a href="https://twitter.com/edwardzpeng">wh1tc in Kunlun lab, devoke, Zhiniang Peng</a> with HUST 2.0 2025-10-16T07:00:00 <p>Revised the packages to include Download Center ID for this vulnerability.</p> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-53737 Heap-based Buffer Overflow 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002752 https://www.microsoft.com/en-us/download/details.aspx?id=108313 5002740 10836 Maybe Security Update 16.0.10417.20034 https://support.microsoft.com/help/5002752 10836 5002752 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.100.25081015 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002758 https://www.microsoft.com/en-us/download/details.aspx?id=108322 5002749 10739 10740 Maybe Security Update 16.0.5513.1000 https://support.microsoft.com/help/5002758 10739 10740 5002758 <a href="https://twitter.com/edwardzpeng">wh1tc in Kunlun lab &amp; devoke &amp; Zhiniang Peng</a> with HUST 2.0 2025-10-16T07:00:00 <p>Revised the packages to include Download Center ID for this vulnerability.</p> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Microsoft Office Word Microsoft Yes CVE-2025-53738 Use After Free 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10746 10747 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.100.25081015 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002763 https://www.microsoft.com/en-us/download/details.aspx?id=108318 5002745 10746 10747 Maybe Security Update 16.0.5513.1000 https://support.microsoft.com/help/5002763 10746 10747 5002763 Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a> 2.0 2025-10-16T07:00:00 <p>Revised the packages to include Download Center ID for this vulnerability.</p> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2025-53739 Access of Resource Using Incompatible Type ('Type Confusion') 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002752 https://www.microsoft.com/en-us/download/details.aspx?id=108313 5002740 10836 Maybe Security Update 16.0.10417.20034 https://support.microsoft.com/help/5002752 10836 5002752 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.100.25081015 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002758 https://www.microsoft.com/en-us/download/details.aspx?id=108322 5002749 10739 10740 Maybe Security Update 16.0.5513.1000 https://support.microsoft.com/help/5002758 10739 10740 5002758 <a href="https://twitter.com/edwardzpeng">wh1tc in Kunlun lab, devoke &amp; Zhiniang Peng</a> with HUST <a href="https://twitter.com/edwardzpeng">wh1tc in Kunlun lab, devoke &amp; Zhiniang Peng</a> with HUST 2.0 2025-10-16T07:00:00 <p>Revised the packages to include Download Center ID for this vulnerability.</p> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Office Microsoft Yes CVE-2025-53740 Use After Free 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10753 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Critical 11573 Critical 11574 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Critical 10753 Critical 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.100.25081015 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002756 https://www.microsoft.com/en-us/download/details.aspx?id=108321 5002742 10753 10754 Maybe Security Update 16.0.5513.1000 https://support.microsoft.com/help/5002756 10753 10754 5002756 Li Shuang, willJ, and Guang Gong with the Vulnerability Research Institute 1.1 2025-08-18T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> 2.0 2025-10-16T07:00:00 <p>Revised the packages to include Download Center ID for this vulnerability.</p> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Azure Stack Hub Information Disclosure Vulnerability <p>Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>This vulnerability could disclose administrator account passwords in the logs.</p> Azure Stack Microsoft Yes CVE-2025-53765 Exposure of Private Personal Information to an Unauthorized Actor 11950 Information Disclosure 11950 Important 11950 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11950 Release Notes https://aka.ms/appsvcupdate25R1installer 11950 No Security Update 102.10.2.11 https://learn.microsoft.com/en-us/azure-stack/operator/app-service-release-notes-2025r1?view=azs-2501&tabs=EntraID 11950 Release Notes Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> GDI+ Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the privilege required is none (PR:N) and user interaction is none (UI:N). What does that mean for this vulnerability?</strong></p> <p>An attacker doesn't require any privileges on the systems hosting the web services. Successful exploitation of this vulnerability could cause Remote Code Execution or Information Disclosure on web services that are parsing documents that contain a specially crafted metafile, without the involvement of a victim user.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit the vulnerability?</strong></p> <p>An attacker could trigger this vulnerability by convincing a victim to download and open a document that contains a specially crafted metafile. In the worst-case scenario, an attacker could trigger this vulnerability on web services by uploading documents containing a specially crafted metafile (AV:N) without user interaction. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Windows GDI+ Microsoft Yes CVE-2025-53766 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12155 12156 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12155 Remote Code Execution 12156 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Critical 12155 Critical 12156 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12156 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.19127.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes Release Notes https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12156 Maybe Security Update 16.0.14326.22618 https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f 12156 Release Notes <a href="https://x.com/gaborseljan">Gábor Selján</a> with <a href="https://research.checkpoint.com/">Check Point Research</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Security App Spoofing Vulnerability <p>External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.</p> Windows Security App Microsoft Yes CVE-2025-53769 External Control of File Name or Path 16766 Spoofing 16766 Important 16766 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16766 16766 No Security Update 1000.27840.1000.0 https://support.microsoft.com/en-us/windows/stay-protected-with-the-windows-security-app-2ae0363d-0ada-c064-8b56-6a39afb6a963 16766 <a href="https://twitter.com/bohops">Jimmy Bayne of IBM X-Force</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an authorized attacker on the domain to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-50157 Use of Uninitialized Resource 11571 11572 11923 11924 12437 12244 12436 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12437 Information Disclosure 12244 Information Disclosure 12436 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12244 Important 12436 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.7 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12436 5064010 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Anonymous 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Push Notifications Apps Elevation of Privilege Vulnerability <p>Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.</p> Windows Push Notifications Microsoft Yes CVE-2025-50155 Access of Resource Using Incompatible Type ('Type Confusion') Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 Zhiniang Peng with HUST &amp; R4nger with CyberKunLun 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows NTLM Elevation of Privilege Vulnerability <p>Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows NTLM Microsoft Yes CVE-2025-53778 Improper Authentication 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5063877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063877 5062557 11568 11569 11571 11572 Yes Security Update 10.0.17763.7678 https://support.microsoft.com/help/5063877 11568 11569 11571 11572 5063877 5063880 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063880 5062572 11923 11924 Yes Security Update 10.0.20348.4052 https://support.microsoft.com/help/5063880 11923 11924 5063880 5063812 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063812 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3989 https://support.microsoft.com/help/5063812 11923 11924 5063812 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 11929 11930 11931 Yes Security Update 10.0.19044.6216 https://support.microsoft.com/help/5063709 11929 11930 11931 5063709 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12085 12086 Yes Security Update 10.0.22621.5768 https://support.microsoft.com/help/5063875 12085 12086 5063875 5063875 https://support.microsoft.com/help/5063875 12085 12086 12242 12243 5063709 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063709 5062554 12097 12098 12099 Yes Security Update 10.0.19045.6216 https://support.microsoft.com/help/5063709 12097 12098 12099 5063709 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12389 12390 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12389 12390 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12389 12390 12436 5064010 5063875 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063875 5062552 12242 12243 Yes Security Update 10.0.22631.5768 https://support.microsoft.com/help/5063875 12242 12243 5063875 5063899 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063899 5062570 12244 Yes Security Update 10.0.25398.1791 https://support.microsoft.com/help/5063899 12244 5063899 5063889 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063889 5062561 10729 10735 Yes Security Update 10.0.10240.21100 https://support.microsoft.com/help/5063889 10729 10735 5063889 5063871 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063871 5062560 10852 10853 10816 10855 Yes Security Update 10.0.14393.8330 https://support.microsoft.com/help/5063871 10852 10853 10816 10855 5063871 5063888 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063888 5062624 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23471 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063888 5063888 https://support.microsoft.com/help/5063888 9312 10287 9318 9344 5063948 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063948 9312 10287 9318 9344 Yes Security Only 6.0.6003.23471 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063948 5063948 https://support.microsoft.com/help/5063948 9312 10287 9318 9344 5063947 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063947 5062632 10051 10049 Yes Monthly Rollup 6.1.7601.27872 https://support.microsoft.com/help/5063947 10051 10049 5063947 5063927 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063927 10051 10049 Yes Security Only 6.1.7601.27872 https://support.microsoft.com/help/5063927 10051 10049 5063927 5063906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063906 5062592 10378 10379 Yes Monthly Rollup 6.2.9200.25622 https://support.microsoft.com/help/5063906 10378 10379 5063906 5063950 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063950 5062597 10483 10543 Yes Monthly Rollup 6.3.9600.22725 https://support.microsoft.com/help/5063950 10483 10543 5063950 <a href="https://twitter.com/d1iv3">Tianze Ding (@D1iv3)</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Kerberos Elevation of Privilege Vulnerability <p>Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>To successfully exploit this vulnerability, an attacker would need to have elevated access to certain attributes of the dMSA, specifically:</p> <ul> <li>msds-groupMSAMembership: This attribute allows the user to utilize the dMSA.</li> <li>msds-ManagedAccountPrecededByLink: The attacker needs write access to this attribute, which allows them to specify a user that the dMSA can act on behalf of.</li> </ul> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain domain administrator privileges.</p> Windows Kerberos Microsoft Yes CVE-2025-53779 Relative Path Traversal 12437 12436 Elevation of Privilege 12437 Elevation of Privilege 12436 Moderate 12437 Moderate 12436 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 7.2 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12437 7.2 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12436 5063878 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5063878 5062553 12437 12436 Yes Security Update 10.0.26100.4946 https://support.microsoft.com/help/5063878 12437 12436 5063878 5063878 https://support.microsoft.com/help/5063878 12437 12436 5064010 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5064010 12437 12436 Yes SecurityHotpatchUpdate 10.0.26100.4851 https://support.microsoft.com/help/5064010 12437 12436 5064010 <a href="https://x.com/yug0rd">Yuval Gordon</a> with Akamai 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Teams Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.</p> Microsoft Teams Microsoft Yes CVE-2025-53783 Heap-based Buffer Overflow 16800 16802 16803 16801 12007 11858 12182 12216 Remote Code Execution 16800 Remote Code Execution 16802 Remote Code Execution 16803 Remote Code Execution 16801 Remote Code Execution 12007 Remote Code Execution 11858 Remote Code Execution 12182 Remote Code Execution 12216 Important 16800 Important 16802 Important 16803 Important 16801 Important 12007 Important 11858 Important 12182 Important 12216 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16800 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16802 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16803 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16801 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12007 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11858 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12182 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12216 Release Notes 16800 Maybe Security Update 316.2505.28001 https://learn.microsoft.com/en-us/dynamics365/mixed-reality/remote-assist/whats-new#june-10-2025 16800 Release Notes Release Notes 16802 Maybe Security Update 1449/1.0.97.2025102203 https://learn.microsoft.com/en-us/microsoftteams/devices/devices-release-notes?tabs=panels#tabpanel_1_panels 16802 Release Notes Release Notes 16803 Maybe Security Update 1449/1.0.94.2025168802 https://learn.microsoft.com/en-us/microsoftteams/devices/devices-release-notes?tabs=phones#tabpanel_1_panels 16803 Release Notes Release Notes 16801 Maybe Security Update 907.2505.29001.0 https://learn.microsoft.com/en-us/dynamics365/mixed-reality/guides/new#june-10-2025 16801 Release Notes Release Notes https://play.google.com/store/apps/details?id=com.microsoft.teams 12007 Maybe Security Update 1416/1.0.0.2025102802 https://play.google.com/store/apps/details?id=com.microsoft.teams 12007 Release Notes Release Notes https://apps.apple.com/us/app/microsoft-teams/id1113153706 11858 Maybe Security Update 7.10.1 (100772025102901) https://apps.apple.com/us/app/microsoft-teams/id1113153706 11858 Release Notes Release Notes https://docs.microsoft.com/en-us/microsoftteams/teams-client-update 12182 Maybe Security Update 25122.1415.3698.6812 https://docs.microsoft.com/en-us/microsoftteams/teams-client-update 12182 Release Notes Release Notes 12216 No Security Update 25122.1207.3700.1444 https://learn.microsoft.com/en-us/officeupdates/teams-app-versioning 12216 Release Notes Anonymous working with Trend Zero Day Initiative 1.0 2025-08-12T07:00:00 <p>Information published.</p> 1.1 2025-10-30T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> Microsoft Word Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Office Word Microsoft Yes CVE-2025-53784 Use After Free 11762 11763 11951 11952 11953 12420 12421 12440 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Critical 11762 Critical 11763 Critical 11951 Critical 11952 Critical 11953 Critical 12420 Critical 12421 Critical 12440 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 Click to Run 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.100.25081015 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a> 2.0 2025-10-16T07:00:00 <p>Revised the packages to include Download Center ID for this vulnerability.</p> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability <p>Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Subsystem for Linux Microsoft Yes CVE-2025-53788 Time-of-check Time-of-use (TOCTOU) Race Condition 12069 Elevation of Privilege 12069 Important 12069 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12069 Release Notes https://github.com/microsoft/WSL/releases 12069 Maybe Security Update 2.5.10 https://github.com/microsoft/WSL/releases 12069 Release Notes <a href="https://twitter.com/thezdi">Nitesh Surana (niteshsurana.com) and Nelson William Gamazo Sanchez of Trend Research</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows StateRepository API Server file Elevation of Privilege Vulnerability <p>Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker would gain the rights of the user that is running the affected application.</p> Windows StateRepository API Microsoft Yes CVE-2025-53789 Missing Authentication for Critical Function 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062554 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062554 5060533 11929 11930 11931 12097 12098 12099 Yes Security Update 10.0.19044.6093 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062554 5062554 https://support.microsoft.com/help/5062554 11929 11930 11931 12097 12098 12099 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12085 12242 Yes Security Update 10.0.22631.5624 https://support.microsoft.com/help/5062552 12085 12242 5062552 5062552 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062552 5060999 12086 12243 Yes Security Update 10.0.22621.5624 https://support.microsoft.com/help/5062552 12086 12243 5062552 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12389 12390 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12389 12390 12436 5062570 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062570 5060118 12244 Yes Security Update 10.0.25398.1732 https://support.microsoft.com/help/5062570 12244 5062570 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 R4nger with CyberKunLun &amp; Zhiniang Peng with HUST 1.0 2025-08-12T07:00:00 <p>Information published. This CVE was addressed by updates that were released in July 2025, but the CVE was inadvertently omitted from the July 2025 Security Updates. This is an informational change only. Customers who have already installed the July 2025 updates do not need to take any further action.</p> Azure Stack Hub Information Disclosure Vulnerability <p>Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>System internal configuration could be disclosed by this vulnerability.</p> <p><strong>What should users do to protect themselves?</strong></p> <p>Users can follow the instructions in the release notes to update the Azure Stack Hub environment to latest version 1.2501.1.47.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Azure Stack Microsoft Yes CVE-2025-53793 Improper Authentication Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 16812 16813 16811 Information Disclosure 16812 Information Disclosure 16813 Information Disclosure 16811 Critical 16812 Critical 16813 Critical 16811 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16812 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16813 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 16811 Release Notes https://azurestackhub.download.prss.microsoft.com/dbazure/download/MAS_ProdHotfix_1.2408.1.50/HotFix/AzS_Update_1.2408.1.50.zip 16812 No Security Update 1.2408.1.50 https://learn.microsoft.com/en-us/azure-stack/operator/hotfix-1-2408-1-50?view=azs-2501 16812 Release Notes Release Notes https://azurestackhub.download.prss.microsoft.com/dbazure/download/MAS_ProdHotfix_1.2408.1.50/HotFix/metadata.xml 16812 No Security Update 1.2408.1.50 https://learn.microsoft.com/en-us/azure-stack/operator/hotfix-1-2408-1-50?view=azs-2501 16812 Release Notes Release Notes https://azurestackhub.download.prss.microsoft.com/dbazure/download/MAS_ProdHotfix_1.2406.1.23/HotFix/AzS_Update_1.2406.1.23.zip 16813 No Security Update 1.2406.1.23 https://learn.microsoft.com/en-us/azure-stack/operator/hotfix-1-2406-1-23?view=azs-2406 16813 Release Notes Release Notes https://azurestackhub.download.prss.microsoft.com/dbazure/download/MAS_ProdHotfix_1.2406.1.23/HotFix/metadata.xml 16813 No Security Update 1.2406.1.23 https://learn.microsoft.com/en-us/azure-stack/operator/hotfix-1-2406-1-23?view=azs-2406 16813 Release Notes Release Notes https://azurestackhub.download.prss.microsoft.com/dbazure/download/MAS_ProdHotfix_1.2501.1.47/HotFix/AzS_Update_1.2501.1.47.zip 16811 No Security Update 1.2501.1.47 https://learn.microsoft.com/en-us/azure-stack/operator/hotfix-1-2501-1-47?view=azs-2501 16811 Release Notes Release Notes https://azurestackhub.download.prss.microsoft.com/dbazure/download/MAS_ProdHotfix_1.2501.1.47/HotFix/metadata.xml 16811 No Security Update 1.2501.1.47 https://learn.microsoft.com/en-us/azure-stack/operator/hotfix-1-2501-1-47?view=azs-2501 16811 Release Notes <a href="https://twitter.com/hoangnx99">nxhoang99</a> with <a href="https://lab.viettelcybersecurity.com/">VCSLab of Viettel Cyber Security</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Chromium: CVE-2025-8583 Inappropriate implementation in Permissions <p>Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.86</td> <td>8/07/2025</td> <td>139.0.7258.66/67</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8583 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.86 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-07T18:31:20 <p>Information published.</p> Chromium: CVE-2025-8579 Inappropriate implementation in Gemini Live in Chrome <p>Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.86</td> <td>8/07/2025</td> <td>139.0.7258.66/67</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8579 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.86 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-07T18:31:16 <p>Information published.</p> Chromium: CVE-2025-8577 Inappropriate implementation in Picture In Picture <p>Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/202%5BSS9.1%5D5">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.86</td> <td>8/07/2025</td> <td>139.0.7258.66/67</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-8577 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.86 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-07T18:31:14 <p>Information published.</p> Windows Hyper-V Remote Code Execution Vulnerability <p>Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>A race condition is triggered when the admin begins administering from the host system and not a guest or nested guest.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>At the time the authorized attacker sends a specially crafted request an administrator needs to take action on the host.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An attacker on a nested guest VM who successfully exploited the vulnerability could escape their VM and gain admin privilege on the guest that is serving as the host.</p> <p>For diagrams and more detailed information about nested VMs please see <a href="https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization">Run Hyper-V in a Virtual Machine with Nested Virtualization</a>.</p> Role: Windows Hyper-V Microsoft Yes CVE-2025-48807 Improper Restriction of Communication Channel to Intended Endpoints 11569 11571 11572 11923 11924 11931 12085 12086 12097 12437 12242 12243 12244 12389 12390 12436 10853 10816 10855 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12437 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 12436 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5065428 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065428 5063877 11569 11571 11572 Yes Security Update 10.0.17763.7792 https://support.microsoft.com/help/5065428 11569 11571 11572 5065428 5065432 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065432 5063880 11923 11924 Yes Security Update 10.0.20348.4171 https://support.microsoft.com/help/5065432 11923 11924 5065432 5065432 https://support.microsoft.com/help/5065432 11923 11924 5065306 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065306 5063812 11923 11924 Yes Security Hotpatch Update 10.0.20348.4106 https://support.microsoft.com/help/5065306 11923 11924 5065306 5065306 https://support.microsoft.com/help/5065306 11923 11924 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 11931 Yes Security Update 10.0.19044.6332 https://support.microsoft.com/help/5065429 11931 5065429 5065429 https://support.microsoft.com/help/5065429 11931 12097 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12085 12086 Yes Security Update 10.0.22621.5909 https://support.microsoft.com/help/5065431 12085 12086 5065431 5065431 https://support.microsoft.com/help/5065431 12085 12086 12242 12243 5065429 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065429 5063709 12097 Yes Security Update 10.0.19045.6332 https://support.microsoft.com/help/5065429 12097 5065429 5065426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065426 5063878 12437 12389 12390 12436 Yes Security Update 10.0.26100.6584 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065426 5065426 https://support.microsoft.com/help/5065426 12437 12389 12390 12436 5065474 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065474 5064010 12437 12389 12390 12436 Yes SecurityHotpatchUpdate 10.0.26100.6508 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065474 5065474 https://support.microsoft.com/help/5065474 12437 12389 12390 12436 5065431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065431 5063875 12242 12243 Yes Security Update 10.0.22631.5909 https://support.microsoft.com/help/5065431 12242 12243 5065431 5065425 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065425 5063899 12244 Yes Security Update 10.0.25398.1849 https://support.microsoft.com/help/5065425 12244 5065425 5065427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5065427 5063871 10853 10816 10855 Yes Security Update 10.0.14393.8422 https://support.microsoft.com/help/5065427 10853 10816 10855 5065427 QWangWang &amp; zcgonvh 1.0 2025-08-12T07:00:00 <p>Information published. This CVE was addressed by updates that were released in July 2025, but the CVE was inadvertently omitted from the July 2025 Security Updates. This is an informational change only. Customers who have already installed the July 2025 updates do not need to take any further action.</p> 2.0 2025-09-09T07:00:00 <p>To comprehensively address CVE-2025-48807, Microsoft has released September 2025 security updates for the following versions of Windows: Windows Server 2016 and newer, x64-based editions of Windows 10 Version 1607 and Windows 10 Version 1809, and all supported versions of Windows 10 Version 21H2 and newer and Windows 11 Version 22H2 and newer. Microsoft recommends that customers install the update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> Azure Portal Elevation of Privilege Vulnerability <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Portal Microsoft No CVE-2025-53792 Improper Authorization 16810 Elevation of Privilege 16810 Critical 16810 Publicly Disclosed:No;Exploited:No 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 16810 <a href="https://twitter.com/hoangnx99">nxhoang99</a> with <a href="https://lab.viettelcybersecurity.com/">VCSLab of Viettel Cyber Security</a> 1.0 2025-08-07T07:00:00 <p>Information published.</p> Azure OpenAI Elevation of Privilege Vulnerability <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure OpenAI Microsoft No CVE-2025-53767 Server-Side Request Forgery (SSRF) 12286 Elevation of Privilege 12286 Critical 12286 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 10.0 8.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 12286 <a href="https://www.linkedin.com/in/danielberredo/">Daniel Santos</a> with Microsoft 1.0 2025-08-07T07:00:00 <p>Information published.</p> Microsoft 365 Copilot BizChat Information Disclosure Vulnerability <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft 365 Copilot's Business Chat Microsoft No CVE-2025-53774 Improper Neutralization of Special Elements used in a Command ('Command Injection') 16791 Information Disclosure 16791 Critical 16791 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 16791 <a href="https://twitter.com/shhnjk">Jun Kokatsu</a> 1.0 2025-08-07T07:00:00 <p>Information published.</p> Microsoft 365 Copilot BizChat Information Disclosure Vulnerability <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft 365 Copilot's Business Chat Microsoft No CVE-2025-53787 Improper Neutralization of Special Elements used in a Command ('Command Injection') 16791 Information Disclosure 16791 Critical 16791 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 16791 Luke Papandrea, Microsoft Corporation 1.0 2025-08-07T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability <p>User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.86</td> <td>8/07/2025</td> <td>139.0.7258.66/67</td> </tr> </tbody> </table> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker using either a specially-crafted page or a content script injected into a target page can show an extension's popup over a permission prompt or screen share dialog allowing the extension to spoof parts of the prompt's UI that shows its origin.</p> Microsoft Edge for Android Microsoft Yes CVE-2025-49755 User Interface (UI) Misrepresentation of Critical Information 11815 Spoofing 11815 Low 11815 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11815 Release Notes 11815 No Security Update 139.0.3405.86 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11815 Release Notes <a href="https://linkedin.com/in/frozzipies">Farras Givari</a> with <a href="https://meta4sec.com/">Meta4sec</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p> Windows Certificate Spoofing Vulnerability <p>Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p> Windows Certificates Microsoft Yes CVE-2025-55229 Improper Verification of Cryptographic Signature 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12437 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 12389 Spoofing 12390 Spoofing 12436 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11568 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11569 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11571 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11572 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11923 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11924 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11929 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11930 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 11931 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12085 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12086 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12097 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12098 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12099 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12437 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12242 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12243 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12244 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12389 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12390 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 12436 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10729 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10735 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10852 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10853 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10816 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C 10855 5058392 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392 5055519 11568 11569 11571 11572 Yes Security Update 10.0.17763.7314 https://support.microsoft.com/help/5058392 11568 11569 11571 11572 5058392 5058392 https://support.microsoft.com/help/5058392 11568 11569 11571 11572 5058385 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385 5055526 11923 11924 Yes Security Update 10.0.20348.3692 https://support.microsoft.com/help/5058385 11923 11924 5058385 5058500 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500 11923 11924 Yes SecurityHotpatchUpdate 10.0.20348.3630 https://support.microsoft.com/help/5058500 11923 11924 5058500 5058379 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379 5055518 11929 11930 11931 Yes Security Update 10.0.19044.5854 https://support.microsoft.com/help/5058379 11929 11930 11931 5058379 5058379 https://support.microsoft.com/help/5058379 11929 11930 11931 12097 12098 12099 5058405 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405 5055528 12085 12086 Yes Security Update 10.0.22621.5335 https://support.microsoft.com/help/5058405 12085 12086 5058405 5058379 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379 5055518 12097 12098 12099 Yes Security Update 10.0.19045.5854 https://support.microsoft.com/help/5058379 12097 12098 12099 5058379 5058411 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411 5055523 12437 12389 12390 12436 Yes Security Update 10.0.26100.4061 https://support.microsoft.com/help/5058411 12437 12389 12390 12436 5058411 5058411 https://support.microsoft.com/help/5058411 12437 12389 12390 12436 5058405 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405 5055528 12242 12243 Yes Security Update 10.0.22631.5335 https://support.microsoft.com/help/5058405 12242 12243 5058405 5058384 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384 5055527 12244 Yes Security Update 10.0.25398.1611 https://support.microsoft.com/help/5058384 12244 5058384 5058387 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387 5055547 10729 10735 Yes Security Update 10.0.10240.21014 https://support.microsoft.com/help/5058387 10729 10735 5058387 5058383 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383 5055521 10852 10853 10816 10855 Yes Security Update 10.0.14393.8066 https://support.microsoft.com/help/5058383 10852 10853 10816 10855 5058383 Anonymous 1.0 2025-08-21T07:00:00 <p>Information published. This CVE was addressed by updates that were released in May 2025, but the CVE was inadvertently omitted from the May 2025 Security Updates. This is an informational change only. Customers who have already installed the May 2025 updates do not need to take any further action.</p> 2.0 2025-08-26T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> Windows Storage-based Management Service Remote Code Execution Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An unauthenticated attacker could exploit the vulnerability by sending a malicious http request to the web server. A user would then have to restart the compromised service on the server to trigger the vulnerability.</p> Windows Storage Microsoft Yes CVE-2025-55231 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11571 11572 11923 11924 12437 12436 10816 10855 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12436 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12437 Important 12436 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11571 11572 5062572 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062572 5060526 11923 11924 Yes Security Update 10.0.20348.3932 https://support.microsoft.com/help/5062572 11923 11924 5062572 5062553 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062553 5060842 12437 12436 Yes Security Update 10.0.26100.4652 https://support.microsoft.com/help/5062553 12437 12436 5062553 5062553 https://support.microsoft.com/help/5062553 12437 12436 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10816 10855 5062560 5062597 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062597 5061018 10483 10543 Yes Monthly Rollup 6.3.9600.22676 https://support.microsoft.com/help/5062597 10483 10543 5062597 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-08-21T07:00:00 <p>Information published. This CVE was addressed by updates that were released in July 2025, but the CVE was inadvertently omitted from the July 2025 Security Updates. This is an informational change only. Customers who have already installed the July 2025 updates do not need to take any further action.</p> 2.0 2025-08-26T07:00:00 <p>Corrected Download and Article links in the Security Updates table. This is an informational change only.</p> Chromium: CVE-2025-9478 Use after free in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2025">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.125</td> <td>8/28/2025</td> <td>139.0.7258.154/.155</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-9478 11655 11655 11655 Release Notes 11655 No Security Update 139.0.3405.125 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-08-28T18:46:10 <p>Information published.</p> Azure Virtual Machines Spoofing Vulnerability <p>Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Virtual Machines Microsoft No CVE-2025-49707 Improper Access Control 16796 16797 16798 16799 16804 16805 16806 16807 16808 16814 16815 Spoofing 16796 Spoofing 16797 Spoofing 16798 Spoofing 16799 Spoofing 16804 Spoofing 16805 Spoofing 16806 Spoofing 16807 Spoofing 16808 Spoofing 16814 Spoofing 16815 Critical 16796 Critical 16797 Critical 16798 Critical 16799 Critical 16804 Critical 16805 Critical 16806 Critical 16807 Critical 16808 Critical 16814 Critical 16815 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 16796 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 16797 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 16798 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 16799 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 16804 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 16805 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 16806 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 16807 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 16808 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 16814 7.9 6.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 16815 Ming-Wei Shih with Microsoft Ahmad Abdullateef with Microsoft 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p>Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p> <p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.</p> <p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p> <p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-49712 Deserialization of Untrusted Data 10950 11585 Remote Code Execution 10950 Remote Code Execution 11585 Important 10950 Important 11585 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 5002771 https://www.microsoft.com/en-us/download/details.aspx?id=108317 5002760 10950 Maybe Security Update 16.0.5513.1002 https://support.microsoft.com/help/5002771 10950 5002771 5002771 https://support.microsoft.com/help/5002771 10950 5002769 https://www.microsoft.com/en-us/download/details.aspx?id=108312 5002754 11585 Maybe Security Update 16.0.10417.20041 https://support.microsoft.com/help/5002769 11585 5002769 5002769 https://support.microsoft.com/help/5002769 11585 Railgun with Kunlun Lab 1.0 2025-08-12T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability <p>The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>139.0.3405.86</td> <td>8/07/2025</td> <td>139.0.7258.66/67</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Edge for Android Microsoft Yes CVE-2025-49736 The UI Performs the Wrong Action 11815 Spoofing 11815 Moderate 11815 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11815 Release Notes 11815 No Security Update 139.0.3405.86 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11815 Release Notes <a href="https://id.linkedin.com/in/alwialhadad/in">Alwi Al Hadad</a> with <a href="https://meta4sec.com/">Meta4sec - Komunitas Siber UNM</a> 1.0 2025-08-12T07:00:00 <p>Information published.</p>