December 2025 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2025-Dec 2025-Dec Final 1.0 983 2026-05-06T14:47:34 December 2025 Security Updates 2025-12-09T00:00:00 2026-05-06T14:47:34 <h2 id="this-release-consists-of-the-following-65-microsoft-cves">This release consists of the following 65 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Windows PowerShell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-54100">CVE-2025-54100</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Projected File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55233">CVE-2025-55233</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Storage VSP Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59516">CVE-2025-59516</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Storage VSP Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59517">CVE-2025-59517</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62221">CVE-2025-62221</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge for iOS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62223">CVE-2025-62223</a></td> <td>4.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62454">CVE-2025-62454</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62455">CVE-2025-62455</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Resilient File System (ReFS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62456">CVE-2025-62456</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62457">CVE-2025-62457</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62458">CVE-2025-62458</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Projected File System Filter Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62461">CVE-2025-62461</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Projected File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62462">CVE-2025-62462</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DirectX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62463">CVE-2025-62463</a></td> <td>6.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Projected File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62464">CVE-2025-62464</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DirectX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62465">CVE-2025-62465</a></td> <td>6.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Client-Side Caching (CSC) Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62466">CVE-2025-62466</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Projected File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62467">CVE-2025-62467</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Defender Firewall Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62468">CVE-2025-62468</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Brokering File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62469">CVE-2025-62469</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Common Log File System Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62470">CVE-2025-62470</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Access Connection Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62472">CVE-2025-62472</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62473">CVE-2025-62473</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Access Connection Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62474">CVE-2025-62474</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62549">CVE-2025-62549</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Monitor Agent</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62550">CVE-2025-62550</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Access</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62552">CVE-2025-62552</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62553">CVE-2025-62553</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62554">CVE-2025-62554</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62555">CVE-2025-62555</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62556">CVE-2025-62556</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62557">CVE-2025-62557</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62558">CVE-2025-62558</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Word</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62559">CVE-2025-62559</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62560">CVE-2025-62560</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62561">CVE-2025-62561</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62562">CVE-2025-62562</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62563">CVE-2025-62563</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62564">CVE-2025-62564</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Shell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62565">CVE-2025-62565</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62567">CVE-2025-62567</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Brokering File System</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62569">CVE-2025-62569</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Camera Frame Server Monitor</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62570">CVE-2025-62570</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Installer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62571">CVE-2025-62571</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Application Information Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62572">CVE-2025-62572</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DirectX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62573">CVE-2025-62573</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Shell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64658">CVE-2025-64658</a></td> <td>7.5</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Shell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64661">CVE-2025-64661</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Cognitive Service for Language - Custom Question Answering</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64663">CVE-2025-64663</a></td> <td>9.9</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64666">CVE-2025-64666</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Exchange Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64667">CVE-2025-64667</a></td> <td>5.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Admin Center</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64669">CVE-2025-64669</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64670">CVE-2025-64670</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Copilot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64671">CVE-2025-64671</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64672">CVE-2025-64672</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Storvsp.sys Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64673">CVE-2025-64673</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Cosmos DB</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64675">CVE-2025-64675</a></td> <td>8.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Purview</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64676">CVE-2025-64676</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Office Out-of-Box Experience</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64677">CVE-2025-64677</a></td> <td>8.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64678">CVE-2025-64678</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64679">CVE-2025-64679</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-64680">CVE-2025-64680</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Container Apps</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-65037">CVE-2025-65037</a></td> <td>10.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Partner Center</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-65041">CVE-2025-65041</a></td> <td>10.0</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C</td> <td></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-65046">CVE-2025-65046</a></td> <td>3.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td> <td></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-18-non-microsoft-cves">We are republishing 18 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-13630">CVE-2025-13630</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-13631">CVE-2025-13631</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-13632">CVE-2025-13632</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-13633">CVE-2025-13633</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-13634">CVE-2025-13634</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-13635">CVE-2025-13635</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-13636">CVE-2025-13636</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-13637">CVE-2025-13637</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-13638">CVE-2025-13638</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-13639">CVE-2025-13639</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-13640">CVE-2025-13640</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-13720">CVE-2025-13720</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-13721">CVE-2025-13721</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-14174">CVE-2025-14174</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-14372">CVE-2025-14372</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-14373">CVE-2025-14373</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-14765">CVE-2025-14765</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-14766">CVE-2025-14766</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>October 31, 2025</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/introducing-new-features-improved-security-experience">You asked, we delivered: Introducing new features for an improved security experience</a></td> </tr> <tr> <td>October 28, 2025</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/understanding-cve-2025-55315">Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know</a></td> </tr> <tr> <td>October 22, 2025</td> <td><a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond</a></td> </tr> <tr> <td>November 12, 2024</td> <td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td> </tr> <tr> <td>June 27, 2024</td> <td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td> </tr> <tr> <td>April 9, 2024</td> <td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td> </tr> <tr> <td>January 6, 2023</td> <td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5071413">5071413</a></td> <td>Windows Server 2022 Hotpatch</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5071501">5071501</a></td> <td>Windows Server 2008 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5071503">5071503</a></td> <td>Windows Server 2012 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5071504">5071504</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5071505">5071505</a></td> <td>Windows Server 2012 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5071507">5071507</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5071542">5071542</a></td> <td>Windows Server 23H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5071543">5071543</a></td> <td>Windows 10, version 1607, Windows Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5071544">5071544</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5071546">5071546</a></td> <td>Windows 10</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5071547">5071547</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5072014">5072014</a></td> <td>Windows Server 2025 Hotpatch</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5072033">5072033</a></td> <td>Windows 11, version 24H2, Windows 11, version 25H2, Server 2025</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Microsoft Edge (Chromium-based) Microsoft Edge for Android Windows 11 Version 25H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows Server 2025 (Server Core installation) Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2025 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows Admin Center Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 15 Microsoft Exchange Server 2019 Cumulative Update 14 Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Office Online Server Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Microsoft Office LTSC for Mac 2024 Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Access 2016 (32-bit edition) Microsoft Access 2016 (64-bit edition) Microsoft Office for Android Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft SharePoint Server Subscription Edition Microsoft Purview Office Out-of-Box Experience Microsoft Exchange Server Subscription Edition RTM Azure Monitor Agent Azure Cognitive Service for Language Microsoft Partner Center Azure Container Apps Azure Cosmos DB GitHub Copilot Plugin for JetBrains IDEs cbl2 pgbouncer 1.24.1-1 on CBL Mariner 2.0 azl3 pgbouncer 1.24.1-1 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 httpd 2.4.65-1 on Azure Linux 3.0 cbl2 httpd 2.4.65-1 on CBL Mariner 2.0 azl3 python-urllib3 2.0.7-2 on Azure Linux 3.0 azl3 avahi 0.8-5 on Azure Linux 3.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 net-snmp 5.9.4-1 on CBL Mariner 2.0 azl3 net-snmp 5.9.4-1 on Azure Linux 3.0 cbl2 python3 3.9.19-16 on CBL Mariner 2.0 cbl2 python3 3.9.19-17 on CBL Mariner 2.0 azl3 python3 3.12.9-6 on Azure Linux 3.0 azl3 python3 3.12.9-5 on Azure Linux 3.0 azl3 vim 9.1.1616-1 on Azure Linux 3.0 cbl2 vim 9.1.1616-1 on CBL Mariner 2.0 azl3 kernel 6.6.112.1-2 on Azure Linux 3.0 azl3 kernel 6.6.117.1-1 on Azure Linux 3.0 cbl2 python-urllib3 1.26.19-2 on CBL Mariner 2.0 cbl2 python-virtualenv 20.26.6-2 on CBL Mariner 2.0 azl3 kata-containers-cc 3.15.0.aks0-5 on Azure Linux 3.0 azl3 rubygem-elasticsearch 8.9.0-1 on Azure Linux 3.0 cbl2 rubygem-elasticsearch 8.3.0-1 on CBL Mariner 2.0 cbl2 avahi 0.8-4 on CBL Mariner 2.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 cbl2 gcc 11.2.0-9 on CBL Mariner 2.0 azl3 golang 1.25.5-1 on Azure Linux 3.0 cbl2 golang 1.18.8-10 on CBL Mariner 2.0 cbl2 golang 1.22.7-5 on CBL Mariner 2.0 azl3 golang 1.23.12-1 on Azure Linux 3.0 azl3 golang 1.25.3-1 on Azure Linux 3.0 cbl2 msft-golang 1.24.9-1 on CBL Mariner 2.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 cbl2 msft-golang 1.24.11-1 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-18 on CBL Mariner 2.0 azl3 qtdeclarative 6.6.1-1 on Azure Linux 3.0 cbl2 qt5-qtdeclarative 5.12.5-5 on CBL Mariner 2.0 azl3 libsoup 3.4.4-10 on Azure Linux 3.0 cbl2 libsoup 3.0.4-10 on CBL Mariner 2.0 azl3 javapackages-bootstrap 1.14.0-3 on Azure Linux 3.0 cbl2 qemu 6.2.0-26 on CBL Mariner 2.0 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft Access 2016 (32-bit edition) Microsoft Access 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Windows Server 2016 Office Online Server Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Server 2019 Windows Admin Center Microsoft Edge (Chromium-based) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Edge for Android Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Azure Cosmos DB Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Exchange Server 2016 Cumulative Update 23 Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Microsoft Office for Android Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft Exchange Server 2019 Cumulative Update 14 Azure Monitor Agent Microsoft Purview Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2024 for 64-bit editions Microsoft Partner Center Windows Server 2025 Windows Server 2025 (Server Core installation) Microsoft Office LTSC for Mac 2024 Microsoft Exchange Server 2019 Cumulative Update 15 Microsoft Exchange Server Subscription Edition RTM azl3 syslinux 6.04-11 on Azure Linux 3.0 cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0 azl3 avahi 0.8-5 on Azure Linux 3.0 azl3 nmap 7.95-2 on Azure Linux 3.0 azl3 libpcap 1.10.5-1 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 libcontainers-common 20240213-3 on Azure Linux 3.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 syslinux 6.04-10 on CBL Mariner 2.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 cbl2 net-snmp 5.9.4-1 on CBL Mariner 2.0 azl3 net-snmp 5.9.4-1 on Azure Linux 3.0 azl3 mariadb 10.11.11-1 on Azure Linux 3.0 azl3 telegraf 1.31.0-10 on Azure Linux 3.0 azl3 keda 2.14.1-7 on Azure Linux 3.0 azl3 cni-plugins 1.4.0-3 on Azure Linux 3.0 cbl2 pgbouncer 1.24.1-1 on CBL Mariner 2.0 azl3 pgbouncer 1.24.1-1 on Azure Linux 3.0 cbl2 php 8.1.33-1 on CBL Mariner 2.0 cbl2 httpd 2.4.65-1 on CBL Mariner 2.0 azl3 python-urllib3 2.0.7-2 on Azure Linux 3.0 azl3 httpd 2.4.65-1 on Azure Linux 3.0 azl3 qtbase 6.6.3-4 on Azure Linux 3.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 cbl2 libcontainers-common 20210626-7 on CBL Mariner 2.0 cbl2 avahi 0.8-4 on CBL Mariner 2.0 azl3 javapackages-bootstrap 1.14.0-3 on Azure Linux 3.0 azl3 golang 1.23.12-1 on Azure Linux 3.0 azl3 influxdb 2.7.5-8 on Azure Linux 3.0 cbl2 mariadb 10.6.21-1 on CBL Mariner 2.0 azl3 php 8.3.23-1 on Azure Linux 3.0 cbl2 rubygem-elasticsearch 8.3.0-1 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-18 on CBL Mariner 2.0 azl3 rubygem-elasticsearch 8.9.0-1 on Azure Linux 3.0 cbl2 util-linux 2.37.4-9 on CBL Mariner 2.0 cbl2 libpcap 1.10.1-4 on CBL Mariner 2.0 cbl2 nmap 7.93-3 on CBL Mariner 2.0 cbl2 gnupg2 2.4.0-2 on CBL Mariner 2.0 azl3 gnupg2 2.4.7-1 on Azure Linux 3.0 cbl2 kubernetes 1.28.4-19 on CBL Mariner 2.0 cbl2 prometheus 2.37.9-5 on CBL Mariner 2.0 cbl2 edk2 20230301gitf80f052277c8-43 on CBL Mariner 2.0 cbl2 hvloader 1.0.1-14 on CBL Mariner 2.0 cbl2 cert-manager 1.11.2-24 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-17 on CBL Mariner 2.0 cbl2 golang 1.22.7-5 on CBL Mariner 2.0 cbl2 python-urllib3 1.26.19-2 on CBL Mariner 2.0 cbl2 ruby 3.1.7-3 on CBL Mariner 2.0 cbl2 kata-containers 3.2.0.azl2-7 on CBL Mariner 2.0 cbl2 kata-containers-cc 3.2.0.azl2-8 on CBL Mariner 2.0 azl3 kata-containers-cc 3.15.0.aks0-5 on Azure Linux 3.0 Windows 11 Version 25H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems cbl2 golang 1.18.8-10 on CBL Mariner 2.0 cbl2 influxdb 2.6.1-24 on CBL Mariner 2.0 cbl2 python-virtualenv 20.26.6-2 on CBL Mariner 2.0 cbl2 jx 3.2.236-23 on CBL Mariner 2.0 azl3 python3 3.12.9-5 on Azure Linux 3.0 azl3 edk2 20240524git3e722403cd16-10 on Azure Linux 3.0 azl3 golang 1.25.3-1 on Azure Linux 3.0 cbl2 msft-golang 1.24.9-1 on CBL Mariner 2.0 cbl2 libsoup 3.0.4-10 on CBL Mariner 2.0 cbl2 python3 3.9.19-16 on CBL Mariner 2.0 azl3 kernel 6.6.112.1-2 on Azure Linux 3.0 azl3 libsoup 3.4.4-10 on Azure Linux 3.0 azl3 ruby 3.3.5-6 on Azure Linux 3.0 azl3 libpng 1.6.40-1 on Azure Linux 3.0 GitHub Copilot Plugin for JetBrains IDEs Office Out-of-Box Experience Azure Cognitive Service for Language azl3 vim 9.1.1616-1 on Azure Linux 3.0 cbl2 vim 9.1.1616-1 on CBL Mariner 2.0 cbl2 libpng 1.6.51-1 on CBL Mariner 2.0 cbl2 python3 3.9.19-17 on CBL Mariner 2.0 cbl2 msft-golang 1.24.11-1 on CBL Mariner 2.0 cbl2 gcc 11.2.0-9 on CBL Mariner 2.0 cbl2 qemu 6.2.0-26 on CBL Mariner 2.0 cbl2 containerized-data-importer 1.55.0-26 on CBL Mariner 2.0 cbl2 cri-o 1.22.3-17 on CBL Mariner 2.0 cbl2 kubevirt 0.59.0-31 on CBL Mariner 2.0 azl3 golang 1.25.5-1 on Azure Linux 3.0 azl3 python3 3.12.9-6 on Azure Linux 3.0 azl3 containerized-data-importer 1.57.0-17 on Azure Linux 3.0 azl3 dcos-cli 1.2.0-19 on Azure Linux 3.0 azl3 flannel 0.24.2-21 on Azure Linux 3.0 azl3 kata-containers 3.19.1.kata2-2 on Azure Linux 3.0 azl3 kubernetes 1.30.10-16 on Azure Linux 3.0 cbl2 cf-cli 8.4.0-25 on CBL Mariner 2.0 cbl2 cni-plugins 1.3.0-9 on CBL Mariner 2.0 cbl2 dcos-cli 1.2.0-22 on CBL Mariner 2.0 cbl2 flannel 0.14.0-26 on CBL Mariner 2.0 cbl2 kube-vip-cloud-provider 0.0.2-23 on CBL Mariner 2.0 cbl2 local-path-provisioner 0.0.21-19 on CBL Mariner 2.0 cbl2 moby-buildx 0.7.1-26 on CBL Mariner 2.0 cbl2 moby-compose 2.17.3-12 on CBL Mariner 2.0 azl3 qtdeclarative 6.6.1-1 on Azure Linux 3.0 cbl2 qt5-qtdeclarative 5.12.5-5 on CBL Mariner 2.0 azl3 kernel 6.6.117.1-1 on Azure Linux 3.0 azl3 qemu 8.2.0-25 on Azure Linux 3.0 azl3 fluent-bit 3.1.10-2 on Azure Linux 3.0 azl3 telegraf 1.31.0-11 on Azure Linux 3.0 azl3 rust 1.75.0-22 on Azure Linux 3.0 azl3 glib 2.78.6-5 on Azure Linux 3.0 cbl2 glib 2.71.0-8 on CBL Mariner 2.0 azl3 util-linux 2.40.2-1 on Azure Linux 3.0 Azure Container Apps cbl2 coredns 1.11.1-24 on CBL Mariner 2.0 azl3 coredns 1.11.4-11 on Azure Linux 3.0 azl3 python-filelock 3.14.0-1 on Azure Linux 3.0 cbl2 keda 2.4.0-30 on CBL Mariner 2.0 cbl2 kubernetes 1.28.4-21 on CBL Mariner 2.0 cbl2 influxdb 2.6.1-27 on CBL Mariner 2.0 azl3 libcap 2.69-10 on Azure Linux 3.0 azl3 libsodium 1.0.19-1 on Azure Linux 3.0 cbl2 libsodium 1.0.18-6 on CBL Mariner 2.0 cbl2 reaper 3.1.1-22 on CBL Mariner 2.0 cbl2 mariadb 10.6.24-1 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-18 on CBL Mariner 2.0 cbl2 glib 2.71.0-9 on CBL Mariner 2.0 cbl2 util-linux 2.37.4-10 on CBL Mariner 2.0 azl3 kernel 6.6.119.3-1 on Azure Linux 3.0 azl3 python3 3.12.9-7 on Azure Linux 3.0 azl3 kubernetes 1.30.10-18 on Azure Linux 3.0 azl3 telegraf 1.31.0-12 on Azure Linux 3.0 azl3 influxdb 2.7.5-10 on Azure Linux 3.0 azl3 php 8.3.29-1 on Azure Linux 3.0 azl3 libsoup 3.4.4-11 on Azure Linux 3.0 azl3 fluent-bit 3.1.10-4 on Azure Linux 3.0 azl3 glib 2.78.6-6 on Azure Linux 3.0 azl3 util-linux 2.40.2-3 on Azure Linux 3.0 azl3 hyperv-daemons 6.6.119.3-1 on Azure Linux 3.0 cbl2 hyperv-daemons 5.15.186.1-1 on CBL Mariner 2.0 azl3 rust 1.90.0-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-3 on Azure Linux 3.0 azl3 kata-containers-cc 3.15.0.aks0-6 on Azure Linux 3.0 azl3 avahi 0.8-6 on Azure Linux 3.0 azl3 kata-containers 3.19.1.kata2-3 on Azure Linux 3.0 azl3 libsodium 1.0.19-2 on Azure Linux 3.0 azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 cbl2 avahi 0.8-5 on CBL Mariner 2.0 azl3 avahi 0.8-7 on Azure Linux 3.0 azl3 golang 1.25.6-1 on Azure Linux 3.0 azl3 rust 1.75.0-24 on Azure Linux 3.0 azl3 rust 1.90.0-3 on Azure Linux 3.0 cbl2 msft-golang 1.24.12-1 on CBL Mariner 2.0 azl3 kata-containers 3.19.1.kata2-4 on Azure Linux 3.0 azl3 nmap 7.95-3 on Azure Linux 3.0 cbl2 nmap 7.93-4 on CBL Mariner 2.0 cbl2 libsodium 1.0.18-7 on CBL Mariner 2.0 azl3 ruby 3.3.5-7 on Azure Linux 3.0 cbl2 ruby 3.1.7-4 on CBL Mariner 2.0 cbl2 python-urllib3 1.26.19-3 on CBL Mariner 2.0 cbl2 python3 3.9.19-18 on CBL Mariner 2.0 azl3 hyperv-daemons 6.6.121.1-1 on Azure Linux 3.0 azl3 libcap 2.69-12 on Azure Linux 3.0 cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0 cbl2 libsoup 3.0.4-12 on CBL Mariner 2.0 cbl2 python3 3.9.19-19 on CBL Mariner 2.0 cbl2 msft-golang 1.24.13-1 on CBL Mariner 2.0 cbl2 libpcap 1.10.1-5 on CBL Mariner 2.0 cbl2 gnupg2 2.4.0-3 on CBL Mariner 2.0 azl3 kernel 6.6.126.1-1 on Azure Linux 3.0 azl3 libsoup 3.4.4-12 on Azure Linux 3.0 azl3 rust 1.90.0-4 on Azure Linux 3.0 azl3 golang 1.26.0-1 on Azure Linux 3.0 cbl2 python-filelock 3.0.12-13 on CBL Mariner 2.0 azl3 golang 1.25.7-1 on Azure Linux 3.0 cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.130.1-3 on Azure Linux 3.0 azl3 libsoup 3.4.4-14 on Azure Linux 3.0 azl3 golang 1.25.8-1 on Azure Linux 3.0 cbl2 libsoup 3.0.4-13 on CBL Mariner 2.0 cbl2 msft-golang 1.25.8-1 on CBL Mariner 2.0 azl3 libsoup 3.4.4-15 on Azure Linux 3.0 azl3 golang 1.25.9-1 on Azure Linux 3.0 azl3 avahi 0.8-8 on Azure Linux 3.0 azl3 kernel 6.6.134.1-2 on Azure Linux 3.0 azl3 kernel 6.6.137.1-2 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Untrusted search path in auth_query connection in PgBouncer Mariner PostgreSQL Yes CVE-2025-12819 Untrusted Search Path 19349-17086 19350-17084 19349-17086 19350-17084 Important 19349-17086 Important 19350-17084 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19349-17086 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19350-17084 CBL-Mariner Releases 19349-17086 19350-17084 No Security Update 1.25.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19349-17086 19350-17084 CBL-Mariner Releases 1.0 2025-12-05T01:02:46 <p>Information published.</p> 2.0 2025-12-06T01:04:01 <p>Information published.</p> 3.0 2025-12-20T14:35:11 <p>Information published.</p> 4.0 2025-12-23T01:37:37 <p>Information published.</p> Excessive read buffering DoS in http.client Mariner PSF Yes CVE-2025-13836 Uncontrolled Resource Consumption 20603-17086 20685-17086 20708-17084 20790-17084 20557-17084 17667-17084 20603-17086 20685-17086 20708-17084 20790-17084 20557-17084 17667-17084 Moderate 20603-17086 Moderate 20685-17086 Moderate 20708-17084 Moderate 20790-17084 Moderate 20557-17084 Moderate 17667-17084 CBL-Mariner Releases 20708-17084 20790-17084 No Security Update 3.12.9-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20708-17084 20790-17084 CBL-Mariner Releases 1.0 2025-12-05T01:03:07 <p>Information published.</p> 3.0 2025-12-07T01:40:46 <p>Information published.</p> 2.0 2025-12-06T14:40:57 <p>Information published.</p> 4.0 2025-12-09T01:38:18 <p>Information published.</p> 5.0 2025-12-31T01:36:27 <p>Information published.</p> 6.0 2026-01-08T14:41:06 <p>Information published.</p> Out-of-memory when loading Plist Mariner PSF Yes CVE-2025-13837 Uncontrolled Resource Consumption 20603-17086 17667-17084 20708-17084 20916-17086 20937-17086 20557-17084 20685-17086 20790-17084 20603-17086 17667-17084 20708-17084 20916-17086 20937-17086 20557-17084 20685-17086 20790-17084 Low 20603-17086 Low 17667-17084 Low 20708-17084 Low 20916-17086 Low 20937-17086 Low 20557-17084 Low 20685-17086 Low 20790-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20603-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17667-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20708-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20916-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20937-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20557-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20685-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 20790-17084 CBL-Mariner Releases 20708-17084 20790-17084 No Security Update 3.12.9-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20708-17084 20790-17084 CBL-Mariner Releases CBL-Mariner Releases 20937-17086 No Security Update 3.9.19-20 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20937-17086 CBL-Mariner Releases 1.0 2025-12-05T01:03:18 <p>Information published.</p> 3.0 2025-12-07T01:41:04 <p>Information published.</p> 5.0 2025-12-31T01:36:37 <p>Information published.</p> 7.0 2026-02-21T04:20:53 <p>Information published.</p> 8.0 2026-03-03T15:01:21 <p>Information published.</p> 9.0 2026-03-31T15:13:04 <p>Information published.</p> 2.0 2025-12-06T14:41:02 <p>Information published.</p> 4.0 2025-12-09T01:38:23 <p>Information published.</p> 6.0 2026-01-08T14:41:21 <p>Information published.</p> Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability Mariner GitHub_M Yes CVE-2025-66476 Uncontrolled Search Path Element 20682-17084 20683-17086 20682-17084 20683-17086 Important 20682-17084 Important 20683-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 20682-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 20683-17086 2.0 2025-12-09T01:37:47 <p>Information published.</p> 1.0 2025-12-05T01:03:28 <p>Information published.</p> xfrm: delete x->tunnel as we delete x Mariner Linux Yes CVE-2025-40215 20613-17084 20725-17084 20823-17084 20788-17084 20613-17084 20725-17084 20823-17084 20788-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 3.0 2025-12-07T01:41:14 <p>Information published.</p> 5.0 2026-01-20T14:50:38 <p>Information published.</p> 6.0 2026-02-21T04:21:50 <p>Information published.</p> 1.0 2025-12-05T01:03:33 <p>Information published.</p> 2.0 2025-12-05T14:35:43 <p>Information published.</p> 4.0 2026-01-08T14:41:32 <p>Information published.</p> mm/damon/vaddr: do not repeat pte_offset_map_lock() until success Mariner Linux Yes CVE-2025-40218 20613-17084 20613-17084 Moderate 20613-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-05T01:03:38 <p>Information published.</p> 2.0 2025-12-07T01:41:28 <p>Information published.</p> 3.0 2025-12-09T01:37:53 <p>Information published.</p> Input: imx_sc_key - fix memory corruption on unload Mariner Linux Yes CVE-2025-40262 20613-17084 20725-17084 20613-17084 20725-17084 Critical 20613-17084 Critical 20725-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20613-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20725-17084 1.0 2025-12-06T01:01:49 <p>Information published.</p> 2.0 2025-12-07T01:42:38 <p>Information published.</p> 3.0 2025-12-09T01:38:33 <p>Information published.</p> gfs2: Fix unlikely race in gdlm_put_lock Mariner Linux Yes CVE-2025-40242 20613-17084 20725-17084 20613-17084 20725-17084 Critical 20613-17084 Critical 20725-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20613-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20725-17084 1.0 2025-12-06T01:02:00 <p>Information published.</p> 2.0 2025-12-07T01:42:59 <p>Information published.</p> 3.0 2025-12-09T01:38:38 <p>Information published.</p> sctp: avoid NULL dereference when chunk data buffer is missing Mariner Linux Yes CVE-2025-40240 20613-17084 20613-17084 Important 20613-17084 8.6 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-06T01:02:10 <p>Information published.</p> 2.0 2025-12-07T01:43:22 <p>Information published.</p> nios2: ensure that memblock.current_limit is set when setting pfn limits Mariner Linux Yes CVE-2025-40245 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-06T01:02:16 <p>Information published.</p> 2.0 2025-12-07T01:43:36 <p>Information published.</p> 3.0 2025-12-09T01:38:43 <p>Information published.</p> mptcp: fix race condition in mptcp_schedule_work() Mariner Linux Yes CVE-2025-40258 20613-17084 20725-17084 20613-17084 20725-17084 Important 20613-17084 Important 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 2.0 2025-12-07T01:43:46 <p>Information published.</p> 1.0 2025-12-06T01:02:21 <p>Information published.</p> 3.0 2026-01-07T14:36:23 <p>Information published.</p> net: openvswitch: remove never-working support for setting nsh fields Mariner Linux Yes CVE-2025-40254 20613-17084 20725-17084 20613-17084 20725-17084 Moderate 20613-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-06T01:02:27 <p>Information published.</p> 2.0 2025-12-07T01:43:56 <p>Information published.</p> 3.0 2026-01-07T14:36:30 <p>Information published.</p> net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Mariner Linux Yes CVE-2025-40252 20613-17084 20725-17084 20613-17084 20725-17084 Moderate 20613-17084 Moderate 20725-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U 20613-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-06T01:02:43 <p>Information published.</p> 2.0 2025-12-07T01:44:31 <p>Information published.</p> 3.0 2026-01-07T14:36:43 <p>Information published.</p> most: usb: Fix use-after-free in hdm_disconnect Mariner Linux Yes CVE-2025-40223 20613-17084 20613-17084 Important 20613-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-06T01:02:54 <p>Information published.</p> 2.0 2025-12-07T01:44:55 <p>Information published.</p> 3.0 2025-12-09T01:38:54 <p>Information published.</p> be2net: pass wrb_params in case of OS2BMC Mariner Linux Yes CVE-2025-40264 20613-17084 20725-17084 20613-17084 20725-17084 Moderate 20613-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 2.0 2025-12-07T01:45:19 <p>Information published.</p> 1.0 2025-12-06T01:03:05 <p>Information published.</p> 3.0 2026-01-07T14:36:56 <p>Information published.</p> ocfs2: clear extent cache after moving/defragmenting extents Mariner Linux Yes CVE-2025-40233 20613-17084 20613-17084 Important 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-06T01:03:16 <p>Information published.</p> 2.0 2025-12-07T01:45:45 <p>Information published.</p> 3.0 2025-12-09T01:39:10 <p>Information published.</p> drm/msm: Fix pgtable prealloc error path Mariner Linux Yes CVE-2025-40247 20613-17084 20725-17084 20613-17084 20725-17084 Moderate 20613-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 2.0 2025-12-07T01:45:55 <p>Information published.</p> 1.0 2025-12-06T01:03:21 <p>Information published.</p> net/mlx5: Clean up only new IRQ glue on request_irq() failure Mariner Linux Yes CVE-2025-40250 20613-17084 20725-17084 20613-17084 20725-17084 Moderate 20613-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-06T01:03:26 <p>Information published.</p> 2.0 2025-12-07T01:46:07 <p>Information published.</p> 3.0 2026-01-07T14:37:02 <p>Information published.</p> devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Mariner Linux Yes CVE-2025-40251 20613-17084 20925-17086 21093-17086 20725-17084 17087-17086 20613-17084 20925-17086 21093-17086 20725-17084 17087-17086 Critical 20613-17084 Moderate 20925-17086 Moderate 21093-17086 Critical 20725-17084 Moderate 17087-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 2.0 2025-12-07T01:46:18 <p>Information published.</p> 7.0 2026-03-31T15:16:43 <p>Information published.</p> 1.0 2025-12-06T01:03:32 <p>Information published.</p> 3.0 2026-01-07T14:37:09 <p>Information published.</p> 4.0 2026-02-28T01:01:52 <p>Information published.</p> 5.0 2026-03-02T14:36:52 <p>Information published.</p> 6.0 2026-03-03T14:58:43 <p>Information published.</p> A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Mariner mitre Yes CVE-2025-65637 Uncontrolled Resource Consumption 20770-17086 20769-17086 20828-17084 20824-17084 20876-17084 19348-17084 20709-17084 20710-17084 20711-17084 20079-17084 20712-17084 20421-17084 20713-17084 17793-17084 20381-17086 20714-17086 20715-17086 20699-17086 20700-17086 20716-17086 20717-17086 20520-17086 20537-17086 20393-17086 20394-17086 20718-17086 20364-17086 20703-17086 19792-17086 20719-17086 20720-17086 20721-17086 20372-17086 20794-17084 20770-17086 20769-17086 20828-17084 20824-17084 20876-17084 19348-17084 20709-17084 20710-17084 20711-17084 20079-17084 20712-17084 20421-17084 20713-17084 17793-17084 20381-17086 20714-17086 20715-17086 20699-17086 20700-17086 20716-17086 20717-17086 20520-17086 20537-17086 20393-17086 20394-17086 20718-17086 20364-17086 20703-17086 19792-17086 20719-17086 20720-17086 20721-17086 20372-17086 20794-17084 Moderate 20770-17086 Moderate 20769-17086 Moderate 20828-17084 Moderate 20824-17084 Moderate 20876-17084 Moderate 19348-17084 Moderate 20709-17084 Moderate 20710-17084 Moderate 20711-17084 Moderate 20079-17084 Moderate 20712-17084 Moderate 20421-17084 Moderate 20713-17084 Moderate 17793-17084 Moderate 20381-17086 Moderate 20714-17086 Moderate 20715-17086 Moderate 20699-17086 Moderate 20700-17086 Moderate 20716-17086 Moderate 20717-17086 Moderate 20520-17086 Moderate 20537-17086 Moderate 20393-17086 Moderate 20394-17086 Moderate 20718-17086 Moderate 20364-17086 Moderate 20703-17086 Moderate 19792-17086 Moderate 20719-17086 Moderate 20720-17086 Moderate 20721-17086 Moderate 20372-17086 Moderate 20794-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20770-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20769-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20828-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20824-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20876-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19348-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20709-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20710-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20711-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20079-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20712-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20421-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20713-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17793-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20381-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20714-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20715-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20699-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20700-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20716-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20717-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20520-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20537-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20393-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20394-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20718-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20364-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20703-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19792-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20719-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20720-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20721-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20372-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 20794-17084 CBL-Mariner Releases 20770-17086 20520-17086 No Security Update 2.6.1-25 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20770-17086 20520-17086 CBL-Mariner Releases CBL-Mariner Releases 20769-17086 20364-17086 No Security Update 1.28.4-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20769-17086 20364-17086 CBL-Mariner Releases CBL-Mariner Releases 20876-17084 No Security Update 3.19.1.kata2-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20876-17084 CBL-Mariner Releases CBL-Mariner Releases 19348-17084 No Security Update 1.4.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19348-17084 CBL-Mariner Releases CBL-Mariner Releases 20709-17084 No Security Update 1.57.0-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20709-17084 CBL-Mariner Releases CBL-Mariner Releases 20710-17084 No Security Update 1.2.0-20 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20710-17084 CBL-Mariner Releases CBL-Mariner Releases 20711-17084 No Security Update 0.24.2-22 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20711-17084 CBL-Mariner Releases CBL-Mariner Releases 20079-17084 No Security Update 2.7.5-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20079-17084 CBL-Mariner Releases CBL-Mariner Releases 20713-17084 No Security Update 1.30.10-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20713-17084 CBL-Mariner Releases CBL-Mariner Releases 20381-17086 No Security Update 1.11.2-25 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20381-17086 CBL-Mariner Releases CBL-Mariner Releases 20714-17086 No Security Update 8.4.0-26 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20714-17086 CBL-Mariner Releases CBL-Mariner Releases 20715-17086 No Security Update 1.3.0-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20715-17086 CBL-Mariner Releases CBL-Mariner Releases 20699-17086 No Security Update 1.55.0-27 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20699-17086 CBL-Mariner Releases CBL-Mariner Releases 20700-17086 No Security Update 1.22.3-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20700-17086 CBL-Mariner Releases CBL-Mariner Releases 20716-17086 No Security Update 1.2.0-23 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20716-17086 CBL-Mariner Releases CBL-Mariner Releases 20717-17086 No Security Update 0.14.0-27 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20717-17086 CBL-Mariner Releases CBL-Mariner Releases 20537-17086 No Security Update 3.2.236-24 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20537-17086 CBL-Mariner Releases CBL-Mariner Releases 20718-17086 No Security Update 0.0.2-24 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20718-17086 CBL-Mariner Releases CBL-Mariner Releases 20703-17086 No Security Update 0.59.0-32 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20703-17086 CBL-Mariner Releases CBL-Mariner Releases 20719-17086 No Security Update 0.0.21-20 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20719-17086 CBL-Mariner Releases CBL-Mariner Releases 20720-17086 No Security Update 0.7.1-27 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20720-17086 CBL-Mariner Releases CBL-Mariner Releases 20721-17086 No Security Update 2.17.3-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20721-17086 CBL-Mariner Releases CBL-Mariner Releases 20372-17086 No Security Update 2.37.9-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20372-17086 CBL-Mariner Releases CBL-Mariner Releases 20794-17084 No Security Update 1.30.10-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20794-17084 CBL-Mariner Releases 2.0 2025-12-08T14:37:29 <p>Information published.</p> 3.0 2025-12-09T01:39:50 <p>Information published.</p> 4.0 2025-12-17T14:36:48 <p>Information published.</p> 5.0 2025-12-20T14:35:32 <p>Information published.</p> 8.0 2025-12-30T14:35:57 <p>Information published.</p> 9.0 2026-01-03T01:40:04 <p>Information published.</p> 11.0 2026-01-20T14:50:54 <p>Information published.</p> 13.0 2026-02-26T14:35:34 <p>Information published.</p> 1.0 2025-12-07T01:03:21 <p>Information published.</p> 6.0 2025-12-23T01:37:58 <p>Information published.</p> 7.0 2025-12-30T01:36:12 <p>Information published.</p> 10.0 2026-01-08T14:42:32 <p>Information published.</p> 12.0 2026-02-21T03:45:20 <p>Information published.</p> Apache HTTP Server: CGI environment variable override Mariner apache Yes CVE-2025-65082 Improper Neutralization of Escape, Meta, or Control Sequences 19625-17084 19577-17086 19625-17084 19577-17086 Moderate 19625-17084 Moderate 19577-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19625-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19577-17086 CBL-Mariner Releases 19625-17084 19577-17086 No Security Update 2.4.66-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19625-17084 19577-17086 CBL-Mariner Releases 2.0 2025-12-08T14:37:36 <p>Information published.</p> 4.0 2025-12-20T14:35:39 <p>Information published.</p> 1.0 2025-12-07T01:03:30 <p>Information published.</p> 3.0 2025-12-17T14:37:18 <p>Information published.</p> Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF Mariner apache Yes CVE-2025-59775 Server-Side Request Forgery (SSRF) 19577-17086 19625-17084 19577-17086 19625-17084 Important 19577-17086 Important 19625-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19577-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19625-17084 2.0 2025-12-08T14:37:51 <p>Information published.</p> 1.0 2025-12-07T01:03:46 <p>Information published.</p> drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Mariner Linux Yes CVE-2025-40277 20613-17084 20613-17084 Moderate 20613-17084 7.3 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-08T01:01:25 <p>Information published.</p> 3.0 2025-12-16T14:38:13 <p>Information published.</p> 2.0 2025-12-09T01:41:10 <p>Information published.</p> exfat: fix improper check of dentry.stream.valid_size Mariner Linux Yes CVE-2025-40287 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 1.0 2025-12-08T01:04:47 <p>Information published.</p> 2.0 2025-12-08T14:38:22 <p>Information published.</p> 3.0 2025-12-09T01:40:07 <p>Information published.</p> ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Mariner Linux Yes CVE-2025-40275 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-08T01:05:14 <p>Information published.</p> 2.0 2025-12-09T01:40:26 <p>Information published.</p> 3.0 2025-12-16T14:37:27 <p>Information published.</p> smb/server: fix possible refcount leak in smb2_sess_setup() Mariner Linux Yes CVE-2025-40285 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 1.0 2025-12-08T01:05:30 <p>Information published.</p> 2.0 2025-12-09T01:40:41 <p>Information published.</p> exfat: validate cluster allocation bits of the allocation bitmap Mariner Linux Yes CVE-2025-40307 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 1.0 2025-12-09T01:01:26 <p>Information published.</p> usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget Mariner Linux Yes CVE-2025-40314 20613-17084 20613-17084 Important 20613-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20613-17084 1.0 2025-12-09T01:02:20 <p>Information published.</p> Bluetooth: hci_event: validate skb length for unknown CC opcode Mariner Linux Yes CVE-2025-40301 20613-17084 20613-17084 Moderate 20613-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-09T01:02:36 <p>Information published.</p> 2.0 2025-12-16T14:39:04 <p>Information published.</p> net: bridge: fix use-after-free due to MST port state bypass Mariner Linux Yes CVE-2025-40297 20613-17084 20613-17084 Moderate 20613-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-09T01:03:18 <p>Information published.</p> 2.0 2025-12-16T14:39:49 <p>Information published.</p> btrfs: ensure no dirty metadata is written back for an fs with errors Mariner Linux Yes CVE-2025-40303 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-16T14:39:56 <p>Information published.</p> 1.0 2025-12-09T01:03:24 <p>Information published.</p> smb: client: fix potential UAF in smb2_close_cached_fid() Mariner Linux Yes CVE-2025-40328 20613-17084 20613-17084 Moderate 20613-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-10T01:01:57 <p>Information published.</p> 2.0 2025-12-16T14:40:28 <p>Information published.</p> nvme-fc: use lock accessing port_state and rport state Mariner Linux Yes CVE-2025-40342 20613-17084 20613-17084 Moderate 20613-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-10T01:02:17 <p>Information published.</p> 2.0 2025-12-16T14:40:34 <p>Information published.</p> drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb Mariner Linux Yes CVE-2025-40329 20613-17084 20613-17084 Moderate 20613-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-10T01:02:22 <p>Information published.</p> 2.0 2025-12-16T14:40:41 <p>Information published.</p> drm/amdgpu: validate userq buffer virtual address and size Mariner Linux Yes CVE-2025-40334 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 2.0 2025-12-11T01:36:37 <p>Information published.</p> 1.0 2025-12-10T01:02:50 <p>Information published.</p> urllib3 allows an unbounded number of links in the decompression chain Mariner GitHub_M Yes CVE-2025-66418 Allocation of Resources Without Limits or Throttling 20389-17086 20530-17086 17667-17084 19620-17084 20890-17086 20389-17086 20530-17086 17667-17084 19620-17084 20890-17086 Important 20389-17086 Important 20530-17086 Important 17667-17084 Important 19620-17084 Important 20890-17086 CBL-Mariner Releases 20389-17086 20890-17086 No Security Update 1.26.19-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20389-17086 20890-17086 CBL-Mariner Releases CBL-Mariner Releases 19620-17084 No Security Update 2.0.7-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19620-17084 CBL-Mariner Releases 3.0 2025-12-16T01:36:37 <p>Information published.</p> 6.0 2026-02-18T14:07:18 <p>Information published.</p> 1.0 2025-12-10T01:02:55 <p>Information published.</p> 2.0 2025-12-11T01:01:31 <p>Information published.</p> 4.0 2025-12-17T14:37:25 <p>Information published.</p> 5.0 2025-12-23T01:38:10 <p>Information published.</p> c-ares has a Use After Free vulnerability when connection is cleaned up after error Mariner GitHub_M Yes CVE-2025-62408 Use After Free 20735-17084 20802-17084 20735-17084 20802-17084 Moderate 20735-17084 Moderate 20802-17084 5.9 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20735-17084 5.9 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20802-17084 CBL-Mariner Releases 20735-17084 20802-17084 No Security Update 3.1.10-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20735-17084 20802-17084 CBL-Mariner Releases 1.0 2025-12-11T01:01:47 <p>Information published.</p> 2.0 2026-01-05T14:36:12 <p>Information published.</p> 3.0 2026-01-08T14:43:29 <p>Information published.</p> Apache HTTP Server: mod_md (ACME), unintended retry intervals Mariner apache Yes CVE-2025-55753 Integer Overflow or Wraparound 19577-17086 19625-17084 19577-17086 19625-17084 Moderate 19577-17086 Moderate 19625-17084 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U 19577-17086 7.5 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U 19625-17084 CBL-Mariner Releases 19577-17086 19625-17084 No Security Update 2.4.66-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19577-17086 19625-17084 CBL-Mariner Releases 1.0 2025-12-11T01:02:04 <p>Information published.</p> 2.0 2025-12-17T14:37:46 <p>Information published.</p> 3.0 2025-12-20T14:35:58 <p>Information published.</p> Glib: glib: buffer underflow in gvariant parser leads to heap corruption Mariner redhat Yes CVE-2025-14087 Integer Overflow or Wraparound 20752-17084 20785-17086 20803-17084 20753-17086 20752-17084 20785-17086 20803-17084 20753-17086 Moderate 20752-17084 Moderate 20785-17086 Moderate 20803-17084 Moderate 20753-17086 5.6 5.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U 20752-17084 5.6 5.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U 20785-17086 5.6 5.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U 20803-17084 5.6 5.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U 20753-17086 CBL-Mariner Releases 20752-17084 20803-17084 No Security Update 2.78.6-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20752-17084 20803-17084 CBL-Mariner Releases CBL-Mariner Releases 20785-17086 20753-17086 No Security Update 2.71.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20785-17086 20753-17086 CBL-Mariner Releases 3.0 2026-01-03T01:40:11 <p>Information published.</p> 4.0 2026-01-08T14:43:42 <p>Information published.</p> 1.0 2025-12-13T01:01:54 <p>Information published.</p> 2.0 2025-12-20T01:40:29 <p>Information published.</p> drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Mariner Linux Yes CVE-2025-68223 20823-17084 20925-17086 21093-17086 20725-17084 20788-17084 20860-17084 17087-17086 20823-17084 20925-17086 21093-17086 20725-17084 20788-17084 20860-17084 17087-17086 Moderate 20823-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 20725-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 17087-17086 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20788-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20860-17084 No Security Update 6.6.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20860-17084 CBL-Mariner Releases 2.0 2026-01-08T14:45:30 <p>Information published.</p> 5.0 2026-02-27T14:36:39 <p>Information published.</p> 8.0 2026-03-02T14:37:01 <p>Information published.</p> 9.0 2026-03-03T14:59:23 <p>Information published.</p> 10.0 2026-03-31T15:16:57 <p>Information published.</p> 1.0 2025-12-17T01:02:04 <p>Information published.</p> 3.0 2026-01-20T14:35:56 <p>Information published.</p> 4.0 2026-02-18T14:20:02 <p>Information published.</p> 6.0 2026-02-28T01:02:02 <p>Information published.</p> 7.0 2026-02-28T01:37:24 <p>Information published.</p> drm/amdgpu: remove two invalid BUG_ON()s Mariner Linux Yes CVE-2025-68201 20788-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 20725-17084 21308-17084 20788-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 20725-17084 21308-17084 Low 20788-17084 Low 20823-17084 Low 20860-17084 Low 20956-17084 Low 21094-17084 Low 21248-17084 Low 20725-17084 Low 21308-17084 4.0 3.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20788-17084 4.0 3.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20823-17084 4.0 3.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20860-17084 4.0 3.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20956-17084 4.0 3.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21094-17084 4.0 3.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21248-17084 4.0 3.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20725-17084 4.0 3.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21308-17084 3.0 2026-01-20T14:36:16 <p>Information published.</p> 4.0 2026-02-18T14:20:49 <p>Information published.</p> 5.0 2026-03-04T14:44:45 <p>Information published.</p> 6.0 2026-03-31T14:48:10 <p>Information published.</p> 7.0 2026-04-29T14:52:47 <p>Information published.</p> 1.0 2025-12-17T01:02:20 <p>Information published.</p> 2.0 2026-01-08T14:45:45 <p>Information published.</p> 8.0 2026-05-06T14:45:31 <p>Information published.</p> bfs: Reconstruct file type when loading from disk Mariner Linux Yes CVE-2025-68266 20788-17084 20725-17084 20788-17084 20725-17084 Important 20788-17084 Important 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 2.0 2026-01-08T01:38:20 <p>Information published.</p> 3.0 2026-01-08T14:45:54 <p>Information published.</p> 1.0 2025-12-17T01:02:31 <p>Information published.</p> crash: fix crashkernel resource shrink Mariner Linux Yes CVE-2025-68198 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-17T01:02:36 <p>Information published.</p> 2.0 2026-01-07T14:37:45 <p>Information published.</p> drm/amd/display: increase max link count and fix link->enc NULL pointer access Mariner Linux Yes CVE-2025-40354 20725-17084 20788-17084 20725-17084 20788-17084 Moderate 20725-17084 Moderate 20788-17084 6.8 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U 20725-17084 6.8 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U 20788-17084 1.0 2025-12-17T01:02:41 <p>Information published.</p> 2.0 2026-01-08T14:46:02 <p>Information published.</p> 3.0 2026-01-13T01:36:14 <p>Information published.</p> ksmbd: ipc: fix use-after-free in ipc_msg_send_request Mariner Linux Yes CVE-2025-68263 20788-17084 20725-17084 20788-17084 20725-17084 Moderate 20788-17084 Moderate 20725-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 20788-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 2.0 2026-01-08T14:46:11 <p>Information published.</p> 3.0 2026-01-13T01:36:19 <p>Information published.</p> 1.0 2025-12-17T01:02:47 <p>Information published.</p> drm/amdgpu: fix gpu page fault after hibernation on PF passthrough Mariner Linux Yes CVE-2025-68230 20725-17084 20823-17084 21094-17084 21248-17084 20788-17084 20860-17084 20956-17084 21308-17084 20725-17084 20823-17084 21094-17084 21248-17084 20788-17084 20860-17084 20956-17084 21308-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21308-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 20725-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 20823-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 21094-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 21248-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 20788-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 20860-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 20956-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 21308-17084 3.0 2026-01-20T14:36:26 <p>Information published.</p> 6.0 2026-03-31T14:48:34 <p>Information published.</p> 7.0 2026-04-29T14:52:58 <p>Information published.</p> 1.0 2025-12-17T01:02:52 <p>Information published.</p> 2.0 2026-01-08T14:46:20 <p>Information published.</p> 4.0 2026-02-18T14:22:16 <p>Information published.</p> 5.0 2026-03-04T14:44:51 <p>Information published.</p> 8.0 2026-05-06T14:45:39 <p>Information published.</p> ext4: refresh inline data size before write operations Mariner Linux Yes CVE-2025-68264 20823-17084 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 Moderate 20823-17084 Moderate 20725-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 2.0 2026-01-08T14:46:28 <p>Information published.</p> 3.0 2026-01-20T14:36:37 <p>Information published.</p> 1.0 2025-12-17T01:02:57 <p>Information published.</p> 4.0 2026-02-18T14:22:47 <p>Information published.</p> mm/mempool: fix poisoning order>0 pages with HIGHMEM Mariner Linux Yes CVE-2025-68231 20725-17084 20725-17084 Important 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-17T01:03:02 <p>Information published.</p> 2.0 2026-01-07T14:37:52 <p>Information published.</p> cifs: fix memory leak in smb3_fs_context_parse_param error path Mariner Linux Yes CVE-2025-68219 20725-17084 20725-17084 Moderate 20725-17084 5.9 5.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-17T01:03:13 <p>Information published.</p> 2.0 2026-01-07T14:38:05 <p>Information published.</p> ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Mariner Linux Yes CVE-2025-68261 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 20725-17084 Important 20788-17084 Important 20823-17084 Important 20725-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 20788-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 20823-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 20725-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 3.0 2026-01-20T14:36:47 <p>Information published.</p> 1.0 2025-12-17T01:03:23 <p>Information published.</p> 2.0 2026-01-08T14:46:36 <p>Information published.</p> 4.0 2026-02-18T14:24:17 <p>Information published.</p> amd/amdkfd: enhance kfd process check in switch partition Mariner Linux Yes CVE-2025-68174 20788-17084 20823-17084 20956-17084 21094-17084 21248-17084 20725-17084 20860-17084 21308-17084 20788-17084 20823-17084 20956-17084 21094-17084 21248-17084 20725-17084 20860-17084 21308-17084 Important 20788-17084 Important 20823-17084 Important 20956-17084 Important 21094-17084 Important 21248-17084 Important 20725-17084 Important 20860-17084 Important 21308-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20823-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20956-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21094-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21248-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20860-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 21308-17084 2.0 2026-01-08T14:46:44 <p>Information published.</p> 3.0 2026-01-20T14:36:57 <p>Information published.</p> 6.0 2026-03-31T14:48:59 <p>Information published.</p> 7.0 2026-04-29T14:53:12 <p>Information published.</p> 1.0 2025-12-17T01:03:38 <p>Information published.</p> 4.0 2026-02-18T14:25:01 <p>Information published.</p> 5.0 2026-03-04T14:44:59 <p>Information published.</p> 8.0 2026-05-06T14:45:48 <p>Information published.</p> sysfs: check visibility before changing group attribute ownership Mariner Linux Yes CVE-2025-40355 20823-17084 20956-17084 21094-17084 20725-17084 20788-17084 20860-17084 21248-17084 21308-17084 20823-17084 20956-17084 21094-17084 20725-17084 20788-17084 20860-17084 21248-17084 21308-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 21248-17084 Moderate 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 3.0 2026-01-20T14:37:08 <p>Information published.</p> 4.0 2026-02-18T14:25:53 <p>Information published.</p> 5.0 2026-03-04T14:45:05 <p>Information published.</p> 6.0 2026-03-31T14:49:21 <p>Information published.</p> 7.0 2026-04-29T14:53:25 <p>Information published.</p> 1.0 2025-12-17T01:03:54 <p>Information published.</p> 2.0 2026-01-08T14:47:01 <p>Information published.</p> 8.0 2026-05-06T14:45:57 <p>Information published.</p> KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Mariner Linux Yes CVE-2025-68259 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20788-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 2.0 2026-01-08T14:47:28 <p>Information published.</p> 3.0 2026-01-20T14:37:30 <p>Information published.</p> 4.0 2026-02-18T14:27:07 <p>Information published.</p> 1.0 2025-12-17T01:04:10 <p>Information published.</p> binfmt_misc: restore write access before closing files opened by open_exec() Mariner Linux Yes CVE-2025-68239 20823-17084 20956-17084 20725-17084 20788-17084 20860-17084 20823-17084 20956-17084 20725-17084 20788-17084 20860-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20860-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20823-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20956-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20788-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20860-17084 CBL-Mariner Releases 20956-17084 No Security Update 6.6.130.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20956-17084 CBL-Mariner Releases 2.0 2026-01-08T14:47:36 <p>Information published.</p> 3.0 2026-01-20T14:37:40 <p>Information published.</p> 4.0 2026-02-18T14:27:32 <p>Information published.</p> 6.0 2026-03-27T14:36:16 <p>Information published.</p> 1.0 2025-12-17T01:04:16 <p>Information published.</p> 5.0 2026-03-04T14:45:12 <p>Information published.</p> comedi: check device's attached status in compat ioctls Mariner Linux Yes CVE-2025-68257 20725-17084 20788-17084 20725-17084 20788-17084 Moderate 20725-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 2.0 2026-01-08T14:47:43 <p>Information published.</p> 3.0 2026-01-13T01:37:23 <p>Information published.</p> 1.0 2025-12-17T01:04:26 <p>Information published.</p> netfilter: nft_ct: add seqadj extension for natted connections Mariner Linux Yes CVE-2025-68206 20725-17084 20788-17084 20823-17084 20956-17084 20860-17084 20725-17084 20788-17084 20823-17084 20956-17084 20860-17084 Critical 20725-17084 Critical 20788-17084 Critical 20823-17084 Critical 20956-17084 Critical 20860-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 20725-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 20788-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 20823-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 20956-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 20860-17084 CBL-Mariner Releases 20956-17084 No Security Update 6.6.130.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20956-17084 CBL-Mariner Releases 2.0 2026-01-08T14:47:52 <p>Information published.</p> 3.0 2026-01-20T14:37:51 <p>Information published.</p> 5.0 2026-03-04T14:45:19 <p>Information published.</p> 6.0 2026-03-27T14:36:23 <p>Information published.</p> 1.0 2025-12-17T01:04:31 <p>Information published.</p> 4.0 2026-02-18T14:28:21 <p>Information published.</p> staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Mariner Linux Yes CVE-2025-68254 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 20725-17084 Important 20788-17084 Important 20823-17084 Important 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20788-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20823-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20725-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 2.0 2026-01-08T14:48:08 <p>Information published.</p> 3.0 2026-01-20T14:38:02 <p>Information published.</p> 1.0 2025-12-17T01:04:42 <p>Information published.</p> 4.0 2026-02-18T14:29:01 <p>Information published.</p> mlx5: Fix default values in create CQ Mariner Linux Yes CVE-2025-68209 20788-17084 20823-17084 21094-17084 21248-17084 21308-17084 20725-17084 20860-17084 20956-17084 20788-17084 20823-17084 21094-17084 21248-17084 21308-17084 20725-17084 20860-17084 20956-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 20725-17084 Moderate 20860-17084 Moderate 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 1.0 2025-12-17T01:04:47 <p>Information published.</p> 3.0 2026-01-20T14:38:12 <p>Information published.</p> 4.0 2026-02-18T14:29:22 <p>Information published.</p> 5.0 2026-03-04T14:45:25 <p>Information published.</p> 6.0 2026-03-31T14:50:13 <p>Information published.</p> 7.0 2026-04-29T14:53:38 <p>Information published.</p> 2.0 2026-01-08T14:48:16 <p>Information published.</p> 8.0 2026-05-06T14:46:05 <p>Information published.</p> mtdchar: fix integer overflow in read/write ioctls Mariner Linux Yes CVE-2025-68237 20725-17084 20725-17084 Important 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-17T01:04:53 <p>Information published.</p> 2.0 2026-01-07T14:38:38 <p>Information published.</p> drm/tegra: Add call to put_pid() Mariner Linux Yes CVE-2025-68233 20725-17084 20725-17084 Moderate 20725-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 3.0 2026-01-13T01:37:52 <p>Information published.</p> 1.0 2025-12-17T01:05:09 <p>Information published.</p> 2.0 2026-01-07T14:38:58 <p>Information published.</p> In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet. Mariner mitre Yes CVE-2025-67897 Signed to Unsigned Conversion Error 20824-17084 20421-17084 20824-17084 20421-17084 Moderate 20824-17084 Moderate 20421-17084 5.3 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20824-17084 5.3 4.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20421-17084 1.0 2025-12-17T01:05:50 <p>Information published.</p> 2.0 2026-01-20T14:38:32 <p>Information published.</p> Potential non-constant time compiled code with Clang LLVM Mariner wolfSSL Yes CVE-2025-13912 Observable Discrepancy 20778-17086 19283-17084 20085-17086 20778-17086 19283-17084 20085-17086 Low 20778-17086 Low 19283-17084 Low 20085-17086 CBL-Mariner Releases 20778-17086 20085-17086 No Security Update 10.6.24-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20778-17086 20085-17086 CBL-Mariner Releases CBL-Mariner Releases 19283-17084 No Security Update 10.11.15-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19283-17084 CBL-Mariner Releases 2.0 2025-12-30T01:36:30 <p>Information published.</p> 3.0 2026-01-03T01:40:44 <p>Information published.</p> 4.0 2026-01-13T01:38:22 <p>Information published.</p> 1.0 2025-12-17T01:05:58 <p>Information published.</p> libceph: fix potential use-after-free in have_mon_and_osd_map() Mariner Linux Yes CVE-2025-68285 20725-17084 20725-17084 Important 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:02:21 <p>Information published.</p> 2.0 2026-01-07T14:39:18 <p>Information published.</p> platform/x86: intel: punit_ipc: fix memory corruption Mariner Linux Yes CVE-2025-68303 20725-17084 20725-17084 Important 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:03:09 <p>Information published.</p> 2.0 2026-01-08T01:38:41 <p>Information published.</p> Bluetooth: hci_core: lookup hci_conn on RX path on protocol side Mariner Linux Yes CVE-2025-68304 20725-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 20788-17084 21308-17084 20725-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 20788-17084 21308-17084 Important 20725-17084 Important 20823-17084 Important 20860-17084 Important 20956-17084 Important 21094-17084 Important 21248-17084 Important 20788-17084 Important 21308-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 1.0 2025-12-18T01:03:36 <p>Information published.</p> 2.0 2026-01-08T14:49:05 <p>Information published.</p> 3.0 2026-01-20T14:38:43 <p>Information published.</p> 4.0 2026-02-19T01:04:46 <p>Information published.</p> 5.0 2026-03-04T14:45:39 <p>Information published.</p> 6.0 2026-03-31T14:52:44 <p>Information published.</p> 7.0 2026-04-29T14:54:05 <p>Information published.</p> 8.0 2026-05-06T14:46:23 <p>Information published.</p> net: atlantic: fix fragment overflow handling in RX path Mariner Linux Yes CVE-2025-68301 20725-17084 20725-17084 Important 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:03:41 <p>Information published.</p> 2.0 2026-01-08T01:38:53 <p>Information published.</p> most: usb: fix double free on late probe failure Mariner Linux Yes CVE-2025-68290 20725-17084 20725-17084 Important 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:03:51 <p>Information published.</p> 2.0 2026-01-07T14:40:04 <p>Information published.</p> 3.0 2026-01-08T01:38:59 <p>Information published.</p> scsi: imm: Fix use-after-free bug caused by unfinished delayed work Mariner Linux Yes CVE-2025-68324 20725-17084 20788-17084 20823-17084 20956-17084 20860-17084 21094-17084 21248-17084 21308-17084 20725-17084 20788-17084 20823-17084 20956-17084 20860-17084 21094-17084 21248-17084 21308-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 1.0 2025-12-20T01:01:19 <p>Information published.</p> 3.0 2026-01-20T14:38:52 <p>Information published.</p> 5.0 2026-03-04T14:45:52 <p>Information published.</p> 7.0 2026-04-29T14:54:30 <p>Information published.</p> 2.0 2026-01-08T14:49:48 <p>Information published.</p> 4.0 2026-02-18T01:56:58 <p>Information published.</p> 6.0 2026-03-31T14:55:08 <p>Information published.</p> 8.0 2026-05-06T14:46:40 <p>Information published.</p> Elasticsearch Allocation of Resources Without Limits or Throttling Mariner elastic Yes CVE-2025-68390 Allocation of Resources Without Limits or Throttling 20188-17084 20182-17086 20188-17084 20182-17086 Moderate 20188-17084 Moderate 20182-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20188-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20182-17086 1.0 2025-12-20T01:01:25 <p>Information published.</p> 2.0 2025-12-21T01:02:03 <p>Information published.</p> 3.0 2025-12-23T01:37:15 <p>Information published.</p> simple protocol server ignores accepts unlimited connections and logs failures without limit Mariner GitHub_M Yes CVE-2025-59529 Uncontrolled Resource Consumption 19803-17086 17556-17084 20826-17084 20861-17086 20862-17084 21205-17084 19803-17086 17556-17084 20826-17084 20861-17086 20862-17084 21205-17084 Moderate 19803-17086 Moderate 17556-17084 Moderate 20826-17084 Moderate 20861-17086 Moderate 20862-17084 Moderate 21205-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19803-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17556-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20826-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20861-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20862-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21205-17084 1.0 2025-12-21T01:02:12 <p>Information published.</p> 3.0 2026-01-20T14:39:04 <p>Information published.</p> 2.0 2025-12-23T01:37:23 <p>Information published.</p> 4.0 2026-02-18T02:00:05 <p>Information published.</p> 5.0 2026-04-14T14:39:38 <p>Information published.</p> usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Mariner Linux Yes CVE-2025-68331 20725-17084 20725-17084 Important 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-24T01:01:24 <p>Information published.</p> 2.0 2026-01-07T14:40:40 <p>Information published.</p> usb: renesas_usbhs: Fix synchronous external abort on unbind Mariner Linux Yes CVE-2025-68327 20725-17084 20725-17084 Moderate 20725-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-24T01:01:46 <p>Information published.</p> 2.0 2026-01-07T14:40:47 <p>Information published.</p> locking/spinlock/debug: Fix data-race in do_raw_write_lock Mariner Linux Yes CVE-2025-68336 20823-17084 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 Moderate 20823-17084 Moderate 20725-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 2.0 2026-01-08T14:50:36 <p>Information published.</p> 3.0 2026-01-20T14:39:24 <p>Information published.</p> 1.0 2025-12-24T01:01:57 <p>Information published.</p> 4.0 2026-02-18T02:08:21 <p>Information published.</p> iio: accel: bmc150: Fix irq assumption regression Mariner Linux Yes CVE-2025-68330 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 3.0 2026-01-13T01:41:31 <p>Information published.</p> 1.0 2025-12-24T01:02:02 <p>Information published.</p> 2.0 2026-01-07T14:40:53 <p>Information published.</p> net: dsa: microchip: Don't free uninitialized ksz_irq Mariner Linux Yes CVE-2025-68338 20725-17084 20860-17084 20956-17084 21248-17084 20788-17084 20823-17084 21094-17084 21308-17084 20725-17084 20860-17084 20956-17084 21248-17084 20788-17084 20823-17084 21094-17084 21308-17084 Moderate 20725-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21248-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 21094-17084 Moderate 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 3.0 2026-01-20T14:39:44 <p>Information published.</p> 5.0 2026-03-04T14:46:05 <p>Information published.</p> 6.0 2026-03-31T14:59:18 <p>Information published.</p> 1.0 2025-12-24T01:04:35 <p>Information published.</p> 2.0 2026-01-08T14:35:32 <p>Information published.</p> 4.0 2026-02-18T02:13:30 <p>Information published.</p> 7.0 2026-04-29T14:54:42 <p>Information published.</p> 8.0 2026-05-06T14:46:49 <p>Information published.</p> ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() Mariner Linux Yes CVE-2025-68345 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:03:07 <p>Information published.</p> 3.0 2026-01-08T14:36:39 <p>Information published.</p> 2.0 2025-12-26T14:36:11 <p>Information published.</p> 4.0 2026-01-20T14:40:35 <p>Information published.</p> 5.0 2026-02-18T02:21:04 <p>Information published.</p> iomap: allocate s_dio_done_wq for async reads as well Mariner Linux Yes CVE-2025-68357 20725-17084 20956-17084 20788-17084 20725-17084 20956-17084 20788-17084 Moderate 20725-17084 Moderate 20956-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 CBL-Mariner Releases 20956-17084 No Security Update 6.6.130.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20956-17084 CBL-Mariner Releases 1.0 2025-12-25T01:03:28 <p>Information published.</p> 2.0 2025-12-26T14:36:30 <p>Information published.</p> 3.0 2026-01-08T14:37:11 <p>Information published.</p> 4.0 2026-03-26T01:37:02 <p>Information published.</p> 5.0 2026-03-27T14:36:38 <p>Information published.</p> nbd: defer config unlock in nbd_genl_connect Mariner Linux Yes CVE-2025-68366 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:03:34 <p>Information published.</p> 3.0 2026-01-08T14:37:22 <p>Information published.</p> 4.0 2026-01-20T14:41:05 <p>Information published.</p> 2.0 2025-12-26T14:36:35 <p>Information published.</p> 5.0 2026-02-18T02:24:10 <p>Information published.</p> landlock: Fix handling of disconnected directories Mariner Linux Yes CVE-2025-68736 20725-17084 20788-17084 20823-17084 20956-17084 21094-17084 21248-17084 20860-17084 21308-17084 20725-17084 20788-17084 20823-17084 20956-17084 21094-17084 21248-17084 20860-17084 21308-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 20860-17084 Moderate 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 1.0 2025-12-25T01:03:39 <p>Information published.</p> 4.0 2026-01-20T14:41:15 <p>Information published.</p> 7.0 2026-03-31T15:01:33 <p>Information published.</p> 8.0 2026-04-29T14:54:55 <p>Information published.</p> 2.0 2025-12-26T14:36:40 <p>Information published.</p> 3.0 2026-01-08T14:37:32 <p>Information published.</p> 5.0 2026-02-18T02:24:55 <p>Information published.</p> 6.0 2026-03-04T14:46:12 <p>Information published.</p> 9.0 2026-05-06T14:46:57 <p>Information published.</p> scsi: qla2xxx: Clear cmds after chip reset Mariner Linux Yes CVE-2025-68745 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21248-17084 21094-17084 21308-17084 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21248-17084 21094-17084 21308-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21248-17084 Moderate 21094-17084 Moderate 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 1.0 2025-12-25T01:03:44 <p>Information published.</p> 6.0 2026-03-04T14:46:19 <p>Information published.</p> 7.0 2026-03-31T15:01:55 <p>Information published.</p> 8.0 2026-04-29T14:55:07 <p>Information published.</p> 2.0 2025-12-26T14:36:45 <p>Information published.</p> 3.0 2026-01-08T14:37:42 <p>Information published.</p> 4.0 2026-01-20T14:41:25 <p>Information published.</p> 5.0 2026-02-18T02:25:37 <p>Information published.</p> 9.0 2026-05-06T14:47:06 <p>Information published.</p> wifi: ath12k: Fix MSDU buffer types handling in RX error path Mariner Linux Yes CVE-2025-68729 20725-17084 20788-17084 20725-17084 20788-17084 Important 20725-17084 Important 20788-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 1.0 2025-12-25T01:03:49 <p>Information published.</p> 2.0 2025-12-26T14:36:50 <p>Information published.</p> 4.0 2026-01-08T14:37:51 <p>Information published.</p> 3.0 2026-01-08T01:40:01 <p>Information published.</p> bpf: Free special fields when update [lru_,]percpu_hash maps Mariner Linux Yes CVE-2025-68744 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:03:54 <p>Information published.</p> 4.0 2026-01-20T14:41:35 <p>Information published.</p> 2.0 2025-12-26T14:36:55 <p>Information published.</p> 3.0 2026-01-08T14:38:01 <p>Information published.</p> 5.0 2026-02-18T02:26:56 <p>Information published.</p> ima: Handle error code returned by ima_filter_rule_match() Mariner Linux Yes CVE-2025-68740 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:05:03 <p>Information published.</p> 3.0 2026-01-08T14:40:03 <p>Information published.</p> 4.0 2026-01-20T14:43:02 <p>Information published.</p> 5.0 2026-02-18T02:34:12 <p>Information published.</p> 2.0 2025-12-26T14:37:57 <p>Information published.</p> RDMA/rxe: Fix null deref on srq->rq.queue after resize failure Mariner Linux Yes CVE-2025-68379 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20788-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:05:14 <p>Information published.</p> 4.0 2026-01-20T14:43:22 <p>Information published.</p> 5.0 2026-02-18T02:35:33 <p>Information published.</p> 2.0 2025-12-26T14:38:07 <p>Information published.</p> 3.0 2026-01-08T14:40:23 <p>Information published.</p> ALSA: dice: fix buffer overflow in detect_stream_formats() Mariner Linux Yes CVE-2025-68346 20725-17084 20788-17084 20725-17084 20788-17084 Important 20725-17084 Important 20788-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 1.0 2025-12-25T01:05:19 <p>Information published.</p> 4.0 2026-01-08T14:40:32 <p>Information published.</p> 2.0 2025-12-26T14:38:12 <p>Information published.</p> 3.0 2026-01-08T01:40:11 <p>Information published.</p> In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line. Mariner mitre Yes CVE-2025-68972 Improper Verification of Cryptographic Signature 20945-17086 20333-17084 20331-17086 20945-17086 20333-17084 20331-17086 Moderate 20945-17086 Moderate 20333-17084 Moderate 20331-17086 5.9 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N/E:P 20945-17086 5.9 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N/E:P 20333-17084 5.9 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N/E:P 20331-17086 CBL-Mariner Releases 20333-17084 No Security Update 2.4.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20333-17084 CBL-Mariner Releases 1.0 2025-12-29T01:01:18 <p>Information published.</p> 5.0 2026-01-13T01:44:08 <p>Information published.</p> 2.0 2025-12-29T14:35:53 <p>Information published.</p> 3.0 2026-01-06T14:36:03 <p>Information published.</p> 4.0 2026-01-11T01:01:21 <p>Information published.</p> 6.0 2026-03-03T14:52:31 <p>Information published.</p> NULL Pointer Dereference in PDO quoting Mariner php Yes CVE-2025-14180 NULL Pointer Dereference 19545-17086 20800-17084 20163-17084 19545-17086 20800-17084 20163-17084 Moderate 19545-17086 Important 20800-17084 Important 20163-17084 5.9 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P 19545-17086 CBL-Mariner Releases 19545-17086 No Security Update 8.1.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19545-17086 CBL-Mariner Releases 1.0 2025-12-29T01:01:34 <p>Information published.</p> 2.0 2025-12-29T14:36:08 <p>Information published.</p> 4.0 2026-01-03T01:36:31 <p>Information published.</p> 3.0 2025-12-31T01:02:05 <p>Information published.</p> 5.0 2026-01-08T14:42:45 <p>Information published.</p> 6.0 2026-01-21T01:40:22 <p>Information published.</p> HID: uclogic: Correct devm device reference for hidinput input_dev name Mariner Linux Yes CVE-2023-54207 Use After Free 17087-17086 17087-17086 Important 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 2.0 2026-03-03T14:56:41 <p>Information published.</p> 1.0 2026-02-28T01:01:22 <p>Information published.</p> Excessive resource consumption when printing error string for host certificate validation in crypto/x509 Mariner Go Yes CVE-2025-61729 19712-17086 19693-17084 17667-17084 20688-17086 20707-17084 20942-17086 20973-17084 21051-17084 21117-17086 20519-17086 20387-17086 20074-17084 20596-17084 18447-17086 18315-17084 20597-17086 19668-17086 20687-17086 20863-17084 20867-17086 21113-17084 21203-17084 19712-17086 19693-17084 17667-17084 20688-17086 20707-17084 20942-17086 20973-17084 21051-17084 21117-17086 20519-17086 20387-17086 20074-17084 20596-17084 18447-17086 18315-17084 20597-17086 19668-17086 20687-17086 20863-17084 20867-17086 21113-17084 21203-17084 Important 19712-17086 Important 19693-17084 Important 17667-17084 Important 20688-17086 Important 20707-17084 Low 20942-17086 Low 20973-17084 Low 21051-17084 Low 21117-17086 Important 20519-17086 Important 20387-17086 Important 20074-17084 Important 20596-17084 Important 18447-17086 Important 18315-17084 Important 20597-17086 Important 19668-17086 Important 20687-17086 Low 20863-17084 Low 20867-17086 Low 21113-17084 Low 21203-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20688-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20707-17084 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20942-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20973-17084 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21051-17084 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21117-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20519-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20387-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20074-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20596-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18447-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20597-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20687-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20863-17084 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20867-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21113-17084 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21203-17084 3.0 2025-12-07T01:40:29 <p>Information published.</p> 4.0 2025-12-09T01:37:35 <p>Information published.</p> 5.0 2025-12-12T01:38:08 <p>Information published.</p> 6.0 2025-12-13T01:38:50 <p>Information published.</p> 8.0 2026-03-03T15:01:34 <p>Information published.</p> 9.0 2026-03-04T14:43:49 <p>Information published.</p> 10.0 2026-03-12T01:36:56 <p>Information published.</p> 11.0 2026-03-31T15:12:12 <p>Information published.</p> 13.0 2026-04-15T01:39:31 <p>Information published.</p> 1.0 2025-12-05T01:01:55 <p>Information published.</p> 2.0 2025-12-06T14:41:10 <p>Information published.</p> 7.0 2026-02-21T04:15:18 <p>Information published.</p> 12.0 2026-04-14T14:39:18 <p>Information published.</p> LIBPNG has an out-of-bounds read in png_image_read_composite Mariner GitHub_M Yes CVE-2025-66293 Out-of-bounds Read 20684-17086 20674-17084 19626-17084 16848-17084 17667-17084 20185-17086 18434-17086 19668-17086 20684-17086 20674-17084 19626-17084 16848-17084 17667-17084 20185-17086 18434-17086 19668-17086 Moderate 20684-17086 Important 20674-17084 Important 19626-17084 Important 16848-17084 Important 17667-17084 Important 20185-17086 Important 18434-17086 Important 19668-17086 7.1 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U 20684-17086 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 20674-17084 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 19626-17084 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 16848-17084 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 17667-17084 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 20185-17086 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 18434-17086 7.1 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 19668-17086 CBL-Mariner Releases 20684-17086 20674-17084 No Security Update 1.6.52-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20684-17086 20674-17084 CBL-Mariner Releases CBL-Mariner Releases 19626-17084 No Security Update 6.6.3-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19626-17084 CBL-Mariner Releases CBL-Mariner Releases 20185-17086 No Security Update 5.12.11-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20185-17086 CBL-Mariner Releases 2.0 2025-12-06T01:03:56 <p>Information published.</p> 3.0 2025-12-06T14:41:26 <p>Information published.</p> 5.0 2025-12-08T14:38:09 <p>Information published.</p> 6.0 2025-12-09T01:40:02 <p>Information published.</p> 7.0 2025-12-17T14:36:58 <p>Information published.</p> 8.0 2026-01-08T01:37:57 <p>Information published.</p> 1.0 2025-12-05T01:02:40 <p>Information published.</p> 4.0 2025-12-07T01:04:04 <p>Information published.</p> pidfs: validate extensible ioctls Mariner Linux Yes CVE-2025-40217 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-05T01:03:44 <p>Information published.</p> 3.0 2025-12-07T01:41:41 <p>Information published.</p> 4.0 2025-12-09T01:37:58 <p>Information published.</p> 2.0 2025-12-06T01:38:05 <p>Information published.</p> fuse: fix livelock in synchronous file put from fuseblk workers Mariner Linux Yes CVE-2025-40220 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-05T01:03:49 <p>Information published.</p> 3.0 2025-12-07T01:41:54 <p>Information published.</p> 2.0 2025-12-05T14:35:48 <p>Information published.</p> PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Mariner Linux Yes CVE-2025-40219 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-05T01:03:55 <p>Information published.</p> 2.0 2025-12-07T01:42:09 <p>Information published.</p> KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc Mariner VulnCheck Yes CVE-2025-34297 Integer Overflow or Wraparound 19668-17086 17667-17084 19668-17086 17667-17084 Important 19668-17086 Important 17667-17084 1.0 2025-12-05T01:04:22 <p>Information published.</p> 2.0 2025-12-09T01:38:14 <p>Information published.</p> Improper validation of <img> tag size in Text component parser Mariner TQtC Yes CVE-2025-12385 Allocation of Resources Without Limits or Throttling 20185-17086 20722-17084 20723-17086 20185-17086 20722-17084 20723-17086 Important 20185-17086 Important 20722-17084 Important 20723-17086 CBL-Mariner Releases 20722-17084 No Security Update 6.6.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20722-17084 CBL-Mariner Releases CBL-Mariner Releases 20723-17086 No Security Update 5.12.5-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20723-17086 CBL-Mariner Releases 1.0 2025-12-06T01:01:43 <p>Information published.</p> 3.0 2025-12-08T14:38:17 <p>Information published.</p> 4.0 2025-12-17T14:37:05 <p>Information published.</p> 2.0 2025-12-07T01:04:13 <p>Information published.</p> 5.0 2026-03-18T14:35:44 <p>Information published.</p> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Mariner Linux Yes CVE-2025-40261 20613-17084 20725-17084 20613-17084 20725-17084 Moderate 20613-17084 Moderate 20725-17084 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20613-17084 6.6 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-06T01:01:54 <p>Information published.</p> 2.0 2025-12-07T01:42:49 <p>Information published.</p> 3.0 2026-01-07T14:36:10 <p>Information published.</p> mptcp: fix a race in mptcp_pm_del_add_timer() Mariner Linux Yes CVE-2025-40257 20613-17084 20725-17084 20613-17084 20725-17084 Moderate 20613-17084 Moderate 20725-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 20613-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-06T01:02:05 <p>Information published.</p> 2.0 2025-12-07T01:43:10 <p>Information published.</p> 3.0 2026-01-07T14:36:16 <p>Information published.</p> scsi: sg: Do not sleep in atomic context Mariner Linux Yes CVE-2025-40259 20613-17084 20725-17084 20613-17084 20725-17084 Moderate 20613-17084 Moderate 20725-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20613-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-06T01:02:32 <p>Information published.</p> 2.0 2025-12-07T01:44:07 <p>Information published.</p> 3.0 2026-01-07T14:36:36 <p>Information published.</p> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Mariner Linux Yes CVE-2025-40244 20613-17084 20613-17084 Critical 20613-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-06T01:02:37 <p>Information published.</p> 2.0 2025-12-07T01:44:21 <p>Information published.</p> 3.0 2025-12-09T01:38:49 <p>Information published.</p> vsock: Ignore signal/timeout on connect() if already established Mariner Linux Yes CVE-2025-40248 20613-17084 20725-17084 20613-17084 20725-17084 Moderate 20613-17084 Moderate 20725-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 20613-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 2.0 2025-12-07T01:44:41 <p>Information published.</p> 1.0 2025-12-06T01:02:48 <p>Information published.</p> 3.0 2026-01-07T14:36:49 <p>Information published.</p> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Mariner Linux Yes CVE-2025-40243 20613-17084 20613-17084 Moderate 20613-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-06T01:02:59 <p>Information published.</p> 2.0 2025-12-07T01:45:09 <p>Information published.</p> 3.0 2025-12-09T01:39:00 <p>Information published.</p> s390/ctcm: Fix double-kfree Mariner Linux Yes CVE-2025-40253 20613-17084 20725-17084 20613-17084 20725-17084 Moderate 20613-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 1.0 2025-12-06T01:03:10 <p>Information published.</p> 2.0 2025-12-07T01:45:31 <p>Information published.</p> 3.0 2025-12-09T01:39:05 <p>Information published.</p> KVM: arm64: Check the untrusted offset in FF-A memory share Mariner Linux Yes CVE-2025-40266 20613-17084 20725-17084 20613-17084 20725-17084 Moderate 20613-17084 Moderate 20725-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20613-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-06T01:03:37 <p>Information published.</p> 2.0 2025-12-07T01:46:28 <p>Information published.</p> 3.0 2026-01-07T14:37:17 <p>Information published.</p> Input: cros_ec_keyb - fix an invalid memory access Mariner Linux Yes CVE-2025-40263 20613-17084 20725-17084 20613-17084 20725-17084 Moderate 20613-17084 Moderate 20725-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20613-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 1.0 2025-12-06T01:03:43 <p>Information published.</p> 2.0 2025-12-07T01:46:39 <p>Information published.</p> 3.0 2025-12-09T01:39:15 <p>Information published.</p> Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509 Mariner Go Yes CVE-2025-61727 20519-17086 20973-17084 21051-17084 21113-17084 21117-17086 20387-17086 20074-17084 20707-17084 18315-17084 19693-17084 20688-17086 17667-17084 20687-17086 19712-17086 19668-17086 20863-17084 20867-17086 20942-17086 21203-17084 20519-17086 20973-17084 21051-17084 21113-17084 21117-17086 20387-17086 20074-17084 20707-17084 18315-17084 19693-17084 20688-17086 17667-17084 20687-17086 19712-17086 19668-17086 20863-17084 20867-17086 20942-17086 21203-17084 Moderate 20519-17086 Low 20973-17084 Low 21051-17084 Low 21113-17084 Low 21117-17086 Moderate 20387-17086 Low 20074-17084 Moderate 20707-17084 Moderate 18315-17084 Moderate 19693-17084 Moderate 20688-17086 Moderate 17667-17084 Low 20687-17086 Moderate 19712-17086 Moderate 19668-17086 Low 20863-17084 Low 20867-17086 Low 20942-17086 Low 21203-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 20519-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20973-17084 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21051-17084 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21113-17084 3.4 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 21117-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 20387-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20074-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 20707-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 18315-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19693-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 20688-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 17667-17084 3.4 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 20687-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19712-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 19668-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20863-17084 3.4 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 20867-17086 3.4 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 20942-17086 3.7 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 21203-17084 1.0 2025-12-06T01:03:51 <p>Information published.</p> 4.0 2025-12-09T01:39:36 <p>Information published.</p> 5.0 2025-12-12T01:38:32 <p>Information published.</p> 6.0 2025-12-13T01:39:00 <p>Information published.</p> 8.0 2026-03-03T15:03:06 <p>Information published.</p> 10.0 2026-03-12T01:37:04 <p>Information published.</p> 11.0 2026-03-31T15:14:43 <p>Information published.</p> 12.0 2026-04-14T14:39:26 <p>Information published.</p> 2.0 2025-12-07T01:01:45 <p>Information published.</p> 3.0 2025-12-08T14:36:07 <p>Information published.</p> 7.0 2026-02-21T03:31:31 <p>Information published.</p> 9.0 2026-03-04T14:44:03 <p>Information published.</p> Quadratic complexity in node ID cache clearing Mariner PSF Yes CVE-2025-12084 Inefficient Algorithmic Complexity 20685-17086 20790-17084 20916-17086 20937-17086 20708-17084 17667-17084 20685-17086 20790-17084 20916-17086 20937-17086 20708-17084 17667-17084 Moderate 20685-17086 Moderate 20790-17084 Moderate 20916-17086 Moderate 20937-17086 Moderate 20708-17084 Moderate 17667-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20685-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20790-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20916-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20937-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 20708-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17667-17084 CBL-Mariner Releases 20790-17084 20708-17084 No Security Update 3.12.9-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20790-17084 20708-17084 CBL-Mariner Releases CBL-Mariner Releases 20916-17086 20937-17086 No Security Update 3.9.19-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20916-17086 20937-17086 CBL-Mariner Releases 1.0 2025-12-06T01:04:08 <p>Information published.</p> 3.0 2025-12-08T14:36:14 <p>Information published.</p> 4.0 2025-12-09T01:39:42 <p>Information published.</p> 7.0 2026-02-21T03:33:23 <p>Information published.</p> 8.0 2026-03-03T15:02:48 <p>Information published.</p> 2.0 2025-12-07T01:01:53 <p>Information published.</p> 5.0 2025-12-31T01:36:45 <p>Information published.</p> 6.0 2026-01-08T14:42:07 <p>Information published.</p> Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo Mariner apache Yes CVE-2025-66200 Authentication Bypass Using an Alternate Path or Channel 19625-17084 19577-17086 19625-17084 19577-17086 Moderate 19625-17084 Moderate 19577-17086 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 19625-17084 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 19577-17086 CBL-Mariner Releases 19625-17084 19577-17086 No Security Update 2.4.66-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19625-17084 19577-17086 CBL-Mariner Releases 4.0 2025-12-20T14:35:45 <p>Information published.</p> 1.0 2025-12-07T01:03:38 <p>Information published.</p> 2.0 2025-12-08T14:37:44 <p>Information published.</p> 3.0 2025-12-17T14:37:12 <p>Information published.</p> NFSD: free copynotify stateid in nfs4_free_ol_stateid() Mariner Linux Yes CVE-2025-40273 20613-17084 20613-17084 Moderate 20613-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-08T01:01:19 <p>Information published.</p> 2.0 2025-12-09T01:41:05 <p>Information published.</p> 3.0 2025-12-16T14:38:06 <p>Information published.</p> tipc: Fix use-after-free in tipc_mon_reinit_self(). Mariner Linux Yes CVE-2025-40280 20613-17084 20613-17084 Moderate 20613-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-08T01:01:31 <p>Information published.</p> 3.0 2025-12-16T14:38:19 <p>Information published.</p> 2.0 2025-12-09T01:41:15 <p>Information published.</p> sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto Mariner Linux Yes CVE-2025-40281 20613-17084 20613-17084 Moderate 20613-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-08T01:01:37 <p>Information published.</p> 3.0 2025-12-16T14:38:25 <p>Information published.</p> 2.0 2025-12-09T01:41:20 <p>Information published.</p> ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Mariner Linux Yes CVE-2025-40269 20613-17084 20613-17084 Moderate 20613-17084 4.3 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-08T01:01:43 <p>Information published.</p> 2.0 2025-12-09T01:41:25 <p>Information published.</p> 3.0 2025-12-16T14:38:32 <p>Information published.</p> drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Mariner Linux Yes CVE-2025-40289 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21308-17084 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21308-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 1.0 2025-12-08T01:04:52 <p>Information published.</p> 2.0 2025-12-08T14:38:27 <p>Information published.</p> 4.0 2026-01-20T14:51:02 <p>Information published.</p> 5.0 2026-02-21T03:48:27 <p>Information published.</p> 6.0 2026-03-04T14:44:11 <p>Information published.</p> 7.0 2026-03-31T15:15:05 <p>Information published.</p> 8.0 2026-04-29T14:51:56 <p>Information published.</p> 9.0 2026-05-06T14:44:31 <p>Information published.</p> 3.0 2026-01-08T14:42:48 <p>Information published.</p> net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Mariner Linux Yes CVE-2025-40278 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 20613-17084 1.0 2025-12-08T01:04:58 <p>Information published.</p> 2.0 2025-12-09T01:40:12 <p>Information published.</p> cifs: client: fix memory leak in smb3_fs_context_parse_param Mariner Linux Yes CVE-2025-40268 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-08T01:05:03 <p>Information published.</p> 3.0 2025-12-16T14:37:14 <p>Information published.</p> 2.0 2025-12-09T01:40:17 <p>Information published.</p> mm/secretmem: fix use-after-free race in fault handler Mariner Linux Yes CVE-2025-40272 20613-17084 20613-17084 Important 20613-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-08T01:05:08 <p>Information published.</p> 3.0 2025-12-16T14:37:21 <p>Information published.</p> 2.0 2025-12-09T01:40:22 <p>Information published.</p> drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Mariner Linux Yes CVE-2025-40288 20613-17084 20613-17084 Moderate 20613-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-08T01:05:19 <p>Information published.</p> 2.0 2025-12-09T01:40:31 <p>Information published.</p> 3.0 2025-12-16T14:37:34 <p>Information published.</p> Bluetooth: MGMT: cancel mesh send timer when hdev removed Mariner Linux Yes CVE-2025-40284 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-08T01:05:25 <p>Information published.</p> 2.0 2025-12-09T01:40:36 <p>Information published.</p> 3.0 2025-12-16T14:37:40 <p>Information published.</p> Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Mariner Linux Yes CVE-2025-40283 20613-17084 20613-17084 Moderate 20613-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-08T01:05:41 <p>Information published.</p> 2.0 2025-12-09T01:40:51 <p>Information published.</p> 3.0 2025-12-16T14:37:47 <p>Information published.</p> smb/server: fix possible memory leak in smb2_read() Mariner Linux Yes CVE-2025-40286 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 1.0 2025-12-08T01:05:35 <p>Information published.</p> 2.0 2025-12-09T01:40:46 <p>Information published.</p> net: sched: act_connmark: initialize struct tc_ife to fix kernel leak Mariner Linux Yes CVE-2025-40279 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-08T01:05:46 <p>Information published.</p> 3.0 2025-12-16T14:37:53 <p>Information published.</p> 2.0 2025-12-09T01:40:56 <p>Information published.</p> Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Mariner Linux Yes CVE-2025-40282 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-08T01:05:52 <p>Information published.</p> 3.0 2025-12-16T14:38:00 <p>Information published.</p> 2.0 2025-12-09T01:41:00 <p>Information published.</p> x86: fix clear_user_rep_good() exception handling annotation Mariner Linux Yes CVE-2023-53749 20725-17084 20725-17084 Moderate 20725-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20725-17084 1.0 2025-12-09T01:01:20 <p>Information published.</p> Bluetooth: bcsp: receive data only if registered Mariner Linux Yes CVE-2025-40308 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-09T01:01:31 <p>Information published.</p> 2.0 2025-12-16T14:38:38 <p>Information published.</p> Bluetooth: SCO: Fix UAF on sco_conn_free Mariner Linux Yes CVE-2025-40309 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 1.0 2025-12-09T01:01:37 <p>Information published.</p> 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN Mariner Linux Yes CVE-2025-40305 20725-17084 20725-17084 Moderate 20725-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20725-17084 1.0 2025-12-09T01:01:42 <p>Information published.</p> iommufd: Don't overflow during division for dirty tracking Mariner Linux Yes CVE-2025-40293 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 1.0 2025-12-09T01:01:47 <p>Information published.</p> virtio-net: fix received length check in big packets Mariner Linux Yes CVE-2025-40292 20613-17084 20613-17084 Moderate 20613-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-16T14:38:45 <p>Information published.</p> 1.0 2025-12-09T01:01:52 <p>Information published.</p> orangefs: fix xattr related buffer overflow... Mariner Linux Yes CVE-2025-40306 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 1.0 2025-12-09T01:01:58 <p>Information published.</p> bpf: Sync pending IRQ work before freeing ring buffer Mariner Linux Yes CVE-2025-40319 20613-17084 20613-17084 Important 20613-17084 7.8 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-16T14:38:51 <p>Information published.</p> 1.0 2025-12-09T01:02:03 <p>Information published.</p> jfs: Verify inode mode when loading from disk Mariner Linux Yes CVE-2025-40312 20613-17084 20613-17084 Important 20613-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20613-17084 1.0 2025-12-09T01:02:09 <p>Information published.</p> usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Mariner Linux Yes CVE-2025-40315 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 1.0 2025-12-09T01:02:15 <p>Information published.</p> regmap: slimbus: fix bus_context pointer in regmap init calls Mariner Linux Yes CVE-2025-40317 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 1.0 2025-12-09T01:02:25 <p>Information published.</p> wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Mariner Linux Yes CVE-2025-40321 20613-17084 20613-17084 Moderate 20613-17084 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-16T14:38:58 <p>Information published.</p> 1.0 2025-12-09T01:02:30 <p>Information published.</p> fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Mariner Linux Yes CVE-2025-40304 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-09T01:02:41 <p>Information published.</p> 2.0 2025-12-16T14:39:10 <p>Information published.</p> ntfs3: pretend $Extend records as regular files Mariner Linux Yes CVE-2025-40313 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 1.0 2025-12-09T01:02:47 <p>Information published.</p> Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() Mariner Linux Yes CVE-2025-40294 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-09T01:02:52 <p>Information published.</p> 2.0 2025-12-16T14:39:17 <p>Information published.</p> amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw Mariner Linux Yes CVE-2025-40310 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-09T01:02:57 <p>Information published.</p> 2.0 2025-12-16T14:39:23 <p>Information published.</p> fbcon: Set fb_display[i]->mode to NULL when the mode is released Mariner Linux Yes CVE-2025-40323 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-16T14:39:30 <p>Information published.</p> 1.0 2025-12-09T01:03:02 <p>Information published.</p> accel/habanalabs: support mapping cb with vmalloc-backed coherent memory Mariner Linux Yes CVE-2025-40311 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-09T01:03:08 <p>Information published.</p> 2.0 2025-12-16T14:39:36 <p>Information published.</p> fbdev: bitblit: bound-check glyph index in bit_putcs* Mariner Linux Yes CVE-2025-40322 20613-17084 20613-17084 Moderate 20613-17084 7.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-09T01:03:13 <p>Information published.</p> 2.0 2025-12-16T14:39:43 <p>Information published.</p> NFSD: Fix crash in nfsd4_read_release() Mariner Linux Yes CVE-2025-40324 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-16T14:40:02 <p>Information published.</p> 1.0 2025-12-09T01:03:29 <p>Information published.</p> futex: Don't leak robust_list pointer on exec race Mariner Linux Yes CVE-2025-40341 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-10T01:01:29 <p>Information published.</p> 2.0 2025-12-16T14:40:09 <p>Information published.</p> nvmet-fc: avoid scheduling association deletion twice Mariner Linux Yes CVE-2025-40343 20613-17084 20613-17084 Moderate 20613-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-10T01:01:35 <p>Information published.</p> 2.0 2025-12-16T14:40:15 <p>Information published.</p> sctp: Prevent TOCTOU out-of-bounds write Mariner Linux Yes CVE-2025-40331 20613-17084 20613-17084 Moderate 20613-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-16T14:40:22 <p>Information published.</p> 1.0 2025-12-10T01:01:41 <p>Information published.</p> drm/amdgpu: validate userq input args Mariner Linux Yes CVE-2025-40335 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20788-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20823-17084 1.0 2025-12-10T01:01:46 <p>Information published.</p> 2.0 2026-01-08T14:42:58 <p>Information published.</p> 3.0 2026-01-20T14:51:11 <p>Information published.</p> drm/amdgpu: fix nullptr err of vm_handle_moved Mariner Linux Yes CVE-2025-40339 20823-17084 20860-17084 20956-17084 21094-17084 20725-17084 20788-17084 21248-17084 21308-17084 20823-17084 20860-17084 20956-17084 21094-17084 20725-17084 20788-17084 21248-17084 21308-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 21248-17084 Moderate 21308-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20823-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20860-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20956-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21094-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20788-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21248-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21308-17084 2.0 2026-01-08T14:43:08 <p>Information published.</p> 3.0 2026-01-20T14:51:20 <p>Information published.</p> 5.0 2026-03-04T14:44:17 <p>Information published.</p> 6.0 2026-03-31T15:15:25 <p>Information published.</p> 7.0 2026-04-29T14:52:09 <p>Information published.</p> 1.0 2025-12-10T01:01:52 <p>Information published.</p> 4.0 2026-02-18T14:04:00 <p>Information published.</p> 8.0 2026-05-06T14:44:40 <p>Information published.</p> drm/gpusvm: fix hmm_pfn_to_map_order() usage Mariner Linux Yes CVE-2025-40336 20725-17084 20725-17084 Moderate 20725-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20725-17084 2.0 2025-12-11T01:36:26 <p>Information published.</p> 1.0 2025-12-10T01:02:03 <p>Information published.</p> drm/amdkfd: Fix mmap write lock not release Mariner Linux Yes CVE-2025-40332 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20788-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20823-17084 1.0 2025-12-10T01:02:09 <p>Information published.</p> 2.0 2026-01-08T14:43:18 <p>Information published.</p> 3.0 2026-01-20T14:51:28 <p>Information published.</p> f2fs: fix infinite loop in __insert_extent_tree() Mariner Linux Yes CVE-2025-40333 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 2.0 2025-12-16T14:40:47 <p>Information published.</p> 1.0 2025-12-10T01:02:28 <p>Information published.</p> drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. Mariner Linux Yes CVE-2025-40340 20725-17084 20725-17084 Moderate 20725-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20725-17084 1.0 2025-12-10T01:02:33 <p>Information published.</p> ASoC: Intel: avs: Do not share the name pointer between components Mariner Linux Yes CVE-2025-40338 20725-17084 20725-17084 Moderate 20725-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20725-17084 2.0 2025-12-11T01:36:32 <p>Information published.</p> 1.0 2025-12-10T01:02:39 <p>Information published.</p> net: stmmac: Correctly handle Rx checksum offload errors Mariner Linux Yes CVE-2025-40337 20613-17084 20613-17084 Moderate 20613-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20613-17084 CBL-Mariner Releases 20613-17084 No Security Update 6.6.117.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20613-17084 CBL-Mariner Releases 1.0 2025-12-10T01:02:44 <p>Information published.</p> 2.0 2025-12-16T14:40:54 <p>Information published.</p> urllib3 Streaming API improperly handles highly compressed data Mariner GitHub_M Yes CVE-2025-66471 Improper Handling of Highly Compressed Data (Data Amplification) 20389-17086 20530-17086 17667-17084 20890-17086 19620-17084 20389-17086 20530-17086 17667-17084 20890-17086 19620-17084 Important 20389-17086 Important 20530-17086 Important 17667-17084 Important 20890-17086 Important 19620-17084 CBL-Mariner Releases 20389-17086 20890-17086 No Security Update 1.26.19-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20389-17086 20890-17086 CBL-Mariner Releases CBL-Mariner Releases 19620-17084 No Security Update 2.0.7-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19620-17084 CBL-Mariner Releases 1.0 2025-12-10T01:03:01 <p>Information published.</p> 2.0 2025-12-11T01:01:41 <p>Information published.</p> 3.0 2025-12-16T01:36:29 <p>Information published.</p> 4.0 2025-12-17T14:37:31 <p>Information published.</p> 5.0 2025-12-23T01:38:16 <p>Information published.</p> 6.0 2026-02-18T14:08:15 <p>Information published.</p> Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... Mariner apache Yes CVE-2025-58098 Insertion of Sensitive Information Into Sent Data 19625-17084 19577-17086 19625-17084 19577-17086 Important 19625-17084 Important 19577-17086 8.3 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 19625-17084 8.3 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 19577-17086 CBL-Mariner Releases 19625-17084 19577-17086 No Security Update 2.4.66-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19625-17084 19577-17086 CBL-Mariner Releases 1.0 2025-12-11T01:01:55 <p>Information published.</p> 3.0 2025-12-20T14:35:52 <p>Information published.</p> 2.0 2025-12-17T14:37:40 <p>Information published.</p> Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow Mariner redhat Yes CVE-2025-14512 Integer Overflow or Wraparound 20753-17086 20785-17086 20752-17084 20803-17084 20753-17086 20785-17086 20752-17084 20803-17084 Moderate 20753-17086 Moderate 20785-17086 Moderate 20752-17084 Moderate 20803-17084 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20753-17086 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20785-17086 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20752-17084 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U 20803-17084 CBL-Mariner Releases 20753-17086 20785-17086 No Security Update 2.71.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20753-17086 20785-17086 CBL-Mariner Releases CBL-Mariner Releases 20752-17084 20803-17084 No Security Update 2.78.6-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20752-17084 20803-17084 CBL-Mariner Releases 1.0 2025-12-13T01:02:02 <p>Information published.</p> 3.0 2026-01-03T01:40:17 <p>Information published.</p> 2.0 2025-12-20T01:40:40 <p>Information published.</p> 4.0 2026-01-08T14:43:54 <p>Information published.</p> Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins) Mariner redhat Yes CVE-2025-14523 Inconsistent Interpretation of HTTP Requests (&#39;HTTP Request/Response Smuggling&#39;) 20625-17084 20601-17086 20801-17084 20933-17086 20958-17084 21112-17084 21115-17086 21202-17084 20625-17084 20601-17086 20801-17084 20933-17086 20958-17084 21112-17084 21115-17086 21202-17084 Important 20625-17084 Important 20601-17086 Important 20801-17084 Important 20933-17086 Important 20958-17084 Important 21112-17084 Important 21115-17086 Important 21202-17084 8.2 7.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:P 20625-17084 8.2 7.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:P 20601-17086 8.2 7.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:P 20801-17084 8.2 7.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:P 20933-17086 8.2 7.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:P 20958-17084 8.2 7.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:P 21112-17084 8.2 7.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:P 21115-17086 8.2 7.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:P 21202-17084 2.0 2026-01-08T14:44:04 <p>Information published.</p> 5.0 2026-03-31T14:43:44 <p>Information published.</p> 7.0 2026-04-15T01:39:52 <p>Information published.</p> 1.0 2025-12-13T01:02:10 <p>Information published.</p> 3.0 2026-03-03T14:39:10 <p>Information published.</p> 4.0 2026-03-04T14:44:24 <p>Information published.</p> 6.0 2026-04-14T14:39:31 <p>Information published.</p> Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames Mariner redhat Yes CVE-2025-14104 Out-of-bounds Read 20195-17086 20786-17086 20754-17084 20804-17084 20195-17086 20786-17086 20754-17084 20804-17084 Moderate 20195-17086 Moderate 20786-17086 Moderate 20754-17084 Moderate 20804-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U 20195-17086 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U 20786-17086 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U 20754-17084 6.1 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U 20804-17084 CBL-Mariner Releases 20195-17086 20786-17086 No Security Update 2.37.4-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20195-17086 20786-17086 CBL-Mariner Releases CBL-Mariner Releases 20754-17084 No Security Update 2.40.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20754-17084 CBL-Mariner Releases CBL-Mariner Releases 20804-17084 No Security Update 2.40.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20804-17084 CBL-Mariner Releases 3.0 2025-12-30T14:36:04 <p>Information published.</p> 4.0 2026-01-03T01:40:23 <p>Information published.</p> 1.0 2025-12-13T01:02:19 <p>Information published.</p> 2.0 2025-12-27T14:36:13 <p>Information published.</p> 5.0 2026-01-08T14:44:17 <p>Information published.</p> usb: storage: sddr55: Reject out-of-bound new_pba Mariner Linux Yes CVE-2025-40345 20725-17084 20725-17084 Moderate 20725-17084 7.3 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 2.0 2025-12-16T01:37:53 <p>Information published.</p> 1.0 2025-12-14T14:02:02 <p>Information published.</p> 3.0 2026-01-07T14:37:39 <p>Information published.</p> Portworx Half-Blind SSRF in kube-controller-manager Mariner kubernetes Yes CVE-2025-13281 Server-Side Request Forgery (SSRF) 20794-17084 20713-17084 20364-17086 20769-17086 20794-17084 20713-17084 20364-17086 20769-17086 Moderate 20794-17084 Moderate 20713-17084 Moderate 20364-17086 Moderate 20769-17086 5.8 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 20794-17084 5.8 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 20713-17084 5.8 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 20364-17086 5.8 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 20769-17086 CBL-Mariner Releases 20794-17084 No Security Update 1.30.10-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20794-17084 CBL-Mariner Releases CBL-Mariner Releases 20713-17084 No Security Update 1.30.10-17 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20713-17084 CBL-Mariner Releases CBL-Mariner Releases 20364-17086 20769-17086 No Security Update 1.28.4-21 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20364-17086 20769-17086 CBL-Mariner Releases 2.0 2025-12-30T01:36:19 <p>Information published.</p> 5.0 2026-01-08T14:44:38 <p>Information published.</p> 1.0 2025-12-16T01:01:20 <p>Information published.</p> 3.0 2025-12-30T14:36:11 <p>Information published.</p> 4.0 2026-01-02T14:40:26 <p>Information published.</p> Elasticsearch Improper Authentication Mariner elastic Yes CVE-2025-37731 Improper Authentication 20188-17084 20182-17086 20188-17084 20182-17086 Moderate 20188-17084 Moderate 20182-17086 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 20188-17084 6.8 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 20182-17086 1.0 2025-12-16T01:01:28 <p>Information published.</p> scsi: core: Fix a regression triggered by scsi_host_busy() Mariner Linux Yes CVE-2025-68224 20725-17084 20725-17084 Important 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 1.0 2025-12-17T01:01:38 <p>Information published.</p> drm/xe/guc: Add devm release action to safely tear down CT Mariner Linux Yes CVE-2025-68193 20725-17084 20725-17084 Critical 20725-17084 2.0 2026-01-08T14:44:48 <p>Information published.</p> 1.0 2025-12-17T01:01:43 <p>Information published.</p> drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() Mariner Linux Yes CVE-2025-68190 20725-17084 20788-17084 20823-17084 20956-17084 21248-17084 20860-17084 21094-17084 21308-17084 20725-17084 20788-17084 20823-17084 20956-17084 21248-17084 20860-17084 21094-17084 21308-17084 Important 20725-17084 Important 20788-17084 Important 20823-17084 Important 20956-17084 Important 21248-17084 Important 20860-17084 Important 21094-17084 Important 21308-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 3.0 2026-01-20T14:51:45 <p>Information published.</p> 5.0 2026-03-04T14:44:38 <p>Information published.</p> 6.0 2026-03-31T14:47:46 <p>Information published.</p> 7.0 2026-04-29T14:52:35 <p>Information published.</p> 1.0 2025-12-17T01:01:48 <p>Information published.</p> 2.0 2026-01-08T14:44:59 <p>Information published.</p> 4.0 2026-02-18T14:19:01 <p>Information published.</p> 8.0 2026-05-06T14:44:57 <p>Information published.</p> ksm: use range-walk function to jump over holes in scan_get_next_rmap_item Mariner Linux Yes CVE-2025-68211 20788-17084 17087-17086 20725-17084 20823-17084 20788-17084 17087-17086 20725-17084 20823-17084 Moderate 20788-17084 Moderate 17087-17086 Moderate 20725-17084 Moderate 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 2.0 2026-01-08T14:45:09 <p>Information published.</p> 3.0 2026-01-20T14:35:45 <p>Information published.</p> 5.0 2026-02-28T01:01:57 <p>Information published.</p> 7.0 2026-03-03T14:59:05 <p>Information published.</p> 1.0 2025-12-17T01:01:53 <p>Information published.</p> 4.0 2026-02-18T14:19:31 <p>Information published.</p> 6.0 2026-03-02T14:36:57 <p>Information published.</p> staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Mariner Linux Yes CVE-2025-68255 20725-17084 20788-17084 20725-17084 20788-17084 Important 20725-17084 Important 20788-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20725-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20788-17084 1.0 2025-12-17T01:01:59 <p>Information published.</p> 2.0 2026-01-08T01:38:15 <p>Information published.</p> 3.0 2026-01-08T14:45:20 <p>Information published.</p> drm/amdgpu: fix lock warning in amdgpu_userq_fence_driver_process Mariner Linux Yes CVE-2025-68203 20725-17084 20788-17084 20725-17084 20788-17084 Moderate 20725-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 2.0 2026-01-13T01:36:03 <p>Information published.</p> 1.0 2025-12-17T01:02:10 <p>Information published.</p> drm/amd/display: Cache streams targeting link when performing LT automation Mariner Linux Yes CVE-2025-68196 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Important 20725-17084 Important 20788-17084 Important 20823-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 3.0 2026-01-20T14:36:06 <p>Information published.</p> 1.0 2025-12-17T01:02:15 <p>Information published.</p> 2.0 2026-01-08T14:45:38 <p>Information published.</p> ceph: fix multifs mds auth caps issue Mariner Linux Yes CVE-2025-40362 20725-17084 20725-17084 Important 20725-17084 8.4 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U 20725-17084 1.0 2025-12-17T01:02:26 <p>Information published.</p> nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Mariner Linux Yes CVE-2025-68235 20725-17084 20725-17084 Important 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-17T01:03:07 <p>Information published.</p> 2.0 2026-01-07T14:37:58 <p>Information published.</p> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Mariner Linux Yes CVE-2025-68229 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-17T01:03:18 <p>Information published.</p> 2.0 2026-01-07T14:38:12 <p>Information published.</p> arm64: mte: Do not warn if the page is already tagged in copy_highpage() Mariner Linux Yes CVE-2025-40353 20725-17084 20725-17084 Low 20725-17084 4.0 3.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U 20725-17084 1.0 2025-12-17T01:03:28 <p>Information published.</p> timers: Fix NULL function pointer race in timer_shutdown_sync() Mariner Linux Yes CVE-2025-68214 20725-17084 20725-17084 Moderate 20725-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-17T01:03:33 <p>Information published.</p> 2.0 2026-01-07T14:38:19 <p>Information published.</p> pmdomain: arm: scmi: Fix genpd leak on provider registration failure Mariner Linux Yes CVE-2025-68204 20725-17084 20725-17084 Moderate 20725-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 3.0 2026-01-13T01:36:52 <p>Information published.</p> 1.0 2025-12-17T01:03:44 <p>Information published.</p> 2.0 2026-01-07T14:38:25 <p>Information published.</p> media: nxp: imx8-isi: Fix streaming cleanup on release Mariner Linux Yes CVE-2025-68175 20788-17084 20725-17084 20788-17084 20725-17084 Moderate 20788-17084 Moderate 20725-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20788-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 3.0 2026-01-13T01:36:58 <p>Information published.</p> 1.0 2025-12-17T01:03:49 <p>Information published.</p> 2.0 2026-01-08T14:46:53 <p>Information published.</p> nvme: fix admin request_queue lifetime Mariner Linux Yes CVE-2025-68265 20788-17084 20725-17084 20823-17084 20788-17084 20725-17084 20823-17084 Important 20788-17084 Important 20725-17084 Important 20823-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20788-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20725-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 2.0 2026-01-08T14:47:10 <p>Information published.</p> 3.0 2026-01-20T14:37:20 <p>Information published.</p> 1.0 2025-12-17T01:04:00 <p>Information published.</p> 4.0 2026-02-18T14:26:22 <p>Information published.</p> scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3) Mariner Linux Yes CVE-2025-68236 20725-17084 20788-17084 20725-17084 20788-17084 Moderate 20725-17084 Moderate 20788-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20788-17084 3.0 2026-01-13T01:37:08 <p>Information published.</p> 1.0 2025-12-17T01:04:05 <p>Information published.</p> 2.0 2026-01-08T14:47:19 <p>Information published.</p> mptcp: Fix proto fallback detection with BPF Mariner Linux Yes CVE-2025-68227 20725-17084 20725-17084 Important 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 2.0 2026-01-07T14:38:32 <p>Information published.</p> 1.0 2025-12-17T01:04:21 <p>Information published.</p> staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser Mariner Linux Yes CVE-2025-68256 20725-17084 20788-17084 20725-17084 20788-17084 Important 20725-17084 Important 20788-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20725-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20788-17084 1.0 2025-12-17T01:04:37 <p>Information published.</p> 2.0 2026-01-08T01:38:25 <p>Information published.</p> 3.0 2026-01-08T14:48:00 <p>Information published.</p> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Mariner Linux Yes CVE-2025-68220 20725-17084 20725-17084 Moderate 20725-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 3.0 2026-01-13T01:37:38 <p>Information published.</p> 1.0 2025-12-17T01:04:58 <p>Information published.</p> 2.0 2026-01-07T14:38:45 <p>Information published.</p> pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc Mariner Linux Yes CVE-2025-68222 20725-17084 20725-17084 Moderate 20725-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 3.0 2026-01-13T01:37:45 <p>Information published.</p> 1.0 2025-12-17T01:05:03 <p>Information published.</p> 2.0 2026-01-07T14:38:51 <p>Information published.</p> ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list Mariner Linux Yes CVE-2025-68281 20725-17084 20725-17084 Moderate 20725-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 2.0 2026-01-13T14:36:51 <p>Information published.</p> 1.0 2025-12-17T01:05:14 <p>Information published.</p> Input: pegasus-notetaker - fix potential out-of-bounds access Mariner Linux Yes CVE-2025-68217 20725-17084 20725-17084 Moderate 20725-17084 6.2 5.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 3.0 2026-01-13T01:38:00 <p>Information published.</p> 1.0 2025-12-17T01:05:19 <p>Information published.</p> 2.0 2026-01-07T14:39:04 <p>Information published.</p> tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() Mariner Linux Yes CVE-2025-68188 20823-17084 20860-17084 21248-17084 20725-17084 20788-17084 20956-17084 21094-17084 21308-17084 20823-17084 20860-17084 21248-17084 20725-17084 20788-17084 20956-17084 21094-17084 21308-17084 Important 20823-17084 Important 20860-17084 Important 21248-17084 Important 20725-17084 Important 20788-17084 Important 20956-17084 Important 21094-17084 Important 21308-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20823-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20860-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21248-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20956-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21094-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21308-17084 6.0 2026-03-31T14:50:38 <p>Information published.</p> 7.0 2026-04-29T14:53:51 <p>Information published.</p> 1.0 2025-12-17T01:05:25 <p>Information published.</p> 2.0 2026-01-08T14:48:24 <p>Information published.</p> 3.0 2026-01-20T14:38:22 <p>Information published.</p> 4.0 2026-02-19T01:02:00 <p>Information published.</p> 5.0 2026-03-04T14:45:32 <p>Information published.</p> 8.0 2026-05-06T14:46:14 <p>Information published.</p> comedi: multiq3: sanitize config options in multiq3_attach() Mariner Linux Yes CVE-2025-68258 20788-17084 20725-17084 20788-17084 20725-17084 Moderate 20788-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 1.0 2025-12-17T01:05:30 <p>Information published.</p> 2.0 2026-01-08T14:48:31 <p>Information published.</p> 3.0 2026-01-13T01:38:07 <p>Information published.</p> Un-verified kernel bypass Secure Boot mechanism in direct boot mode Mariner TianoCore Yes CVE-2025-2296 Improper Input Validation 20577-17084 20727-17084 20377-17086 20378-17086 20691-17086 20577-17084 20727-17084 20377-17086 20378-17086 20691-17086 Important 20577-17084 Important 20727-17084 Important 20377-17086 Important 20378-17086 Important 20691-17086 8.2 7.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U 20577-17084 8.2 7.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U 20378-17086 CBL-Mariner Releases 20577-17084 No Security Update 20240524git3e722403cd16-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20577-17084 CBL-Mariner Releases CBL-Mariner Releases 20377-17086 No Security Update 20230301gitf80f052277c8-44 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20377-17086 CBL-Mariner Releases CBL-Mariner Releases 20378-17086 No Security Update 1.0.1-15 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20378-17086 CBL-Mariner Releases 1.0 2025-12-17T01:05:45 <p>Information published.</p> 2.0 2025-12-23T01:35:11 <p>Information published.</p> 3.0 2026-01-08T01:38:35 <p>Information published.</p> usb: gadget: udc: fix use-after-free in usb_gadget_state_work Mariner Linux Yes CVE-2025-68282 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:01:13 <p>Information published.</p> 2.0 2026-01-07T14:39:11 <p>Information published.</p> libceph: replace BUG_ON with bounds check for map->max_osd Mariner Linux Yes CVE-2025-68283 20725-17084 20725-17084 Important 20725-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:02:26 <p>Information published.</p> 2.0 2026-01-07T14:39:25 <p>Information published.</p> ceph: fix crash in process_v2_sparse_read() for encrypted directories Mariner Linux Yes CVE-2025-68297 20725-17084 20725-17084 Important 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 1.0 2025-12-18T01:02:32 <p>Information published.</p> parisc: Avoid crash due to unaligned access in unwinder Mariner Linux Yes CVE-2025-68322 20725-17084 20788-17084 20725-17084 20788-17084 Moderate 20725-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 1.0 2025-12-18T01:02:37 <p>Information published.</p> 3.0 2026-01-13T01:39:07 <p>Information published.</p> 2.0 2026-01-08T14:48:49 <p>Information published.</p> can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs Mariner Linux Yes CVE-2025-68307 20725-17084 20725-17084 Important 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:02:42 <p>Information published.</p> 2.0 2026-01-07T14:39:31 <p>Information published.</p> drm/amd/display: Check NULL before accessing Mariner Linux Yes CVE-2025-68286 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:02:48 <p>Information published.</p> 2.0 2026-01-07T14:39:38 <p>Information published.</p> smb: client: fix memory leak in cifs_construct_tcon() Mariner Linux Yes CVE-2025-68295 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:02:53 <p>Information published.</p> 2.0 2026-01-07T14:39:44 <p>Information published.</p> x86/CPU/AMD: Add RDSEED fix for Zen5 Mariner Linux Yes CVE-2025-68313 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 1.0 2025-12-18T01:02:58 <p>Information published.</p> usb: storage: Fix memory leak in USB bulk transport Mariner Linux Yes CVE-2025-68288 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:03:03 <p>Information published.</p> 2.0 2026-01-07T14:39:51 <p>Information published.</p> libceph: prevent potential out-of-bounds writes in handle_auth_session_key() Mariner Linux Yes CVE-2025-68284 20725-17084 20725-17084 Important 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:03:14 <p>Information published.</p> 2.0 2026-01-07T14:39:57 <p>Information published.</p> tty: serial: ip22zilog: Use platform device for probing Mariner Linux Yes CVE-2025-68311 20725-17084 20788-17084 20725-17084 20788-17084 Important 20725-17084 Important 20788-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 1.0 2025-12-18T01:03:19 <p>Information published.</p> 2.0 2026-01-08T01:38:46 <p>Information published.</p> 3.0 2026-01-08T14:48:57 <p>Information published.</p> io_uring/zctx: check chained notif contexts Mariner Linux Yes CVE-2025-68317 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 1.0 2025-12-18T01:03:25 <p>Information published.</p> PCI/AER: Fix NULL pointer access by aer_info Mariner Linux Yes CVE-2025-68309 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 1.0 2025-12-18T01:03:30 <p>Information published.</p> clk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL Mariner Linux Yes CVE-2025-68318 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 1.0 2025-12-18T01:03:46 <p>Information published.</p> 2.0 2026-01-13T14:37:11 <p>Information published.</p> can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Mariner Linux Yes CVE-2025-68308 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:03:57 <p>Information published.</p> 2.0 2026-01-07T14:40:11 <p>Information published.</p> usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Mariner Linux Yes CVE-2025-68287 20725-17084 20725-17084 Important 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:04:02 <p>Information published.</p> 3.0 2026-01-08T01:39:04 <p>Information published.</p> 2.0 2026-01-07T14:40:17 <p>Information published.</p> drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Mariner Linux Yes CVE-2025-68296 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21308-17084 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21308-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 1.0 2025-12-18T01:04:08 <p>Information published.</p> 3.0 2026-01-21T01:37:17 <p>Information published.</p> 4.0 2026-02-18T01:52:33 <p>Information published.</p> 5.0 2026-03-04T14:45:45 <p>Information published.</p> 6.0 2026-03-31T14:53:06 <p>Information published.</p> 8.0 2026-05-06T14:46:32 <p>Information published.</p> 2.0 2026-01-08T14:49:23 <p>Information published.</p> 7.0 2026-04-29T14:54:18 <p>Information published.</p> f2fs: fix to detect potential corrupted nid in free_nid_list Mariner Linux Yes CVE-2025-68315 20725-17084 20788-17084 20725-17084 20788-17084 Important 20725-17084 Important 20788-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 1.0 2025-12-18T01:04:13 <p>Information published.</p> 2.0 2026-01-08T14:49:31 <p>Information published.</p> usb: gadget: f_eem: Fix memory leak in eem_unwrap Mariner Linux Yes CVE-2025-68289 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:04:18 <p>Information published.</p> 3.0 2026-01-13T14:37:17 <p>Information published.</p> 2.0 2026-01-07T14:40:24 <p>Information published.</p> net: sxgbe: fix potential NULL dereference in sxgbe_rx() Mariner Linux Yes CVE-2025-68302 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-18T01:04:24 <p>Information published.</p> 2.0 2026-01-07T14:40:31 <p>Information published.</p> Expr has Denial of Service via Unbounded Recursion in Builtin Functions Mariner GitHub_M Yes CVE-2025-68156 Allocation of Resources Without Limits or Throttling 20759-17086 20760-17084 19347-17084 20759-17086 20760-17084 19347-17084 Important 20759-17086 Important 20760-17084 Important 19347-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20759-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20760-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19347-17084 CBL-Mariner Releases 20760-17084 No Security Update 1.11.4-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20760-17084 CBL-Mariner Releases CBL-Mariner Releases 19347-17084 No Security Update 2.14.1-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19347-17084 CBL-Mariner Releases 1.0 2025-12-19T01:02:08 <p>Information published.</p> 2.0 2025-12-27T01:36:36 <p>Information published.</p> 3.0 2026-01-08T01:39:14 <p>Information published.</p> filelock has TOCTOU race condition that allows symlink attacks during lock file creation Mariner GitHub_M Yes CVE-2025-68146 Time-of-check Time-of-use (TOCTOU) Race Condition 20761-17084 21025-17086 20761-17084 21025-17086 Moderate 20761-17084 Moderate 21025-17086 6.3 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P 20761-17084 6.3 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 21025-17086 CBL-Mariner Releases 20761-17084 No Security Update 3.20.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20761-17084 CBL-Mariner Releases CBL-Mariner Releases 21025-17086 No Security Update 3.0.12-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 21025-17086 CBL-Mariner Releases 2.0 2026-01-03T01:41:03 <p>Information published.</p> 3.0 2026-03-07T01:01:15 <p>Information published.</p> 1.0 2025-12-19T01:02:14 <p>Information published.</p> 4.0 2026-04-29T01:43:13 <p>Information published.</p> Elasticsearch Allocation of Resources Without Limits or Throttling Mariner elastic Yes CVE-2025-68384 Allocation of Resources Without Limits or Throttling 20188-17084 20182-17086 20188-17084 20182-17086 Moderate 20188-17084 Moderate 20182-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20188-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20182-17086 1.0 2025-12-20T01:01:30 <p>Information published.</p> 2.0 2025-12-21T01:01:58 <p>Information published.</p> 3.0 2025-12-23T01:37:09 <p>Information published.</p> Apache Log4j Core: Missing TLS hostname verification in Socket appender Mariner apache Yes CVE-2025-68161 Improper Validation of Certificate with Host Mismatch 19822-17084 19822-17084 Moderate 19822-17084 1.0 2025-12-21T01:02:17 <p>Information published.</p> 3.0 2026-01-13T01:40:48 <p>Information published.</p> 2.0 2025-12-23T01:37:29 <p>Information published.</p> Capstone doesn't check vsnprintf return in SStream_concat, allows stack buffer underflow and overflow Mariner GitHub_M Yes CVE-2025-68114 Buffer Underwrite (&#39;Buffer Underflow&#39;) 20691-17086 20744-17084 20822-17084 20864-17084 20865-17084 20964-17084 20691-17086 20744-17084 20822-17084 20864-17084 20865-17084 20964-17084 Moderate 20691-17086 Moderate 20744-17084 Moderate 20822-17084 Moderate 20864-17084 Moderate 20865-17084 Moderate 20964-17084 4.8 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 20691-17086 4.8 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U 20744-17084 4.8 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U 20822-17084 4.8 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U 20864-17084 4.8 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U 20865-17084 4.8 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U 20964-17084 CBL-Mariner Releases 20865-17084 20964-17084 No Security Update 1.90.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20865-17084 20964-17084 CBL-Mariner Releases 1.0 2025-12-21T01:02:22 <p>Information published.</p> 3.0 2026-01-13T01:40:55 <p>Information published.</p> 4.0 2026-01-20T01:01:24 <p>Information published.</p> 5.0 2026-02-18T02:02:42 <p>Information published.</p> 2.0 2025-12-23T01:37:34 <p>Information published.</p> 6.0 2026-03-04T14:36:09 <p>Information published.</p> KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential Mariner GitHub_M Yes CVE-2025-68476 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 20765-17086 19347-17084 20765-17086 19347-17084 Important 20765-17086 Important 19347-17084 CBL-Mariner Releases 19347-17084 No Security Update 2.14.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19347-17084 CBL-Mariner Releases 1.0 2025-12-24T01:01:19 <p>Information published.</p> 2.0 2025-12-25T01:06:12 <p>Information published.</p> 3.0 2025-12-25T01:37:57 <p>Information published.</p> 4.0 2026-01-06T14:35:56 <p>Information published.</p> 5.0 2026-01-08T01:39:41 <p>Information published.</p> jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Mariner Linux Yes CVE-2025-68337 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-24T01:01:30 <p>Information published.</p> 2.0 2026-01-08T14:50:11 <p>Information published.</p> 3.0 2026-01-20T14:39:14 <p>Information published.</p> 4.0 2026-02-18T02:05:22 <p>Information published.</p> comedi: c6xdigio: Fix invalid PNP driver unregistration Mariner Linux Yes CVE-2025-68332 20788-17084 20725-17084 20788-17084 20725-17084 Moderate 20788-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 2.0 2026-01-08T14:50:19 <p>Information published.</p> 3.0 2026-01-13T01:41:09 <p>Information published.</p> 1.0 2025-12-24T01:01:35 <p>Information published.</p> comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Mariner Linux Yes CVE-2025-68335 20725-17084 20788-17084 20725-17084 20788-17084 Moderate 20725-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 2.0 2026-01-08T14:50:28 <p>Information published.</p> 1.0 2025-12-24T01:01:41 <p>Information published.</p> 3.0 2026-01-13T01:41:16 <p>Information published.</p> sched_ext: Fix possible deadlock in the deferred_irq_workfn() Mariner Linux Yes CVE-2025-68333 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 2.0 2026-01-13T14:37:47 <p>Information published.</p> 1.0 2025-12-24T01:01:51 <p>Information published.</p> firmware: stratix10-svc: fix bug in saving controller data Mariner Linux Yes CVE-2025-68328 20725-17084 20725-17084 Moderate 20725-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 3.0 2026-01-13T01:41:38 <p>Information published.</p> 1.0 2025-12-24T01:02:08 <p>Information published.</p> 2.0 2026-01-07T14:41:00 <p>Information published.</p> platform/x86/amd/pmc: Add support for Van Gogh SoC Mariner Linux Yes CVE-2025-68334 20823-17084 20725-17084 20788-17084 20860-17084 20956-17084 20823-17084 20725-17084 20788-17084 20860-17084 20956-17084 Moderate 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 CBL-Mariner Releases 20956-17084 No Security Update 6.6.130.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20956-17084 CBL-Mariner Releases 2.0 2026-01-08T14:50:44 <p>Information published.</p> 3.0 2026-01-20T14:39:35 <p>Information published.</p> 5.0 2026-03-04T14:45:59 <p>Information published.</p> 6.0 2026-03-27T14:36:30 <p>Information published.</p> 1.0 2025-12-24T01:02:13 <p>Information published.</p> 4.0 2026-02-18T02:10:16 <p>Information published.</p> Net-SNMP snmptrapd crash Mariner GitHub_M Yes CVE-2025-68615 Improper Restriction of Operations within the Bounds of a Memory Buffer 18557-17086 18558-17084 18557-17086 18558-17084 Critical 18557-17086 Critical 18558-17084 9.8 9.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U 18557-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18558-17084 CBL-Mariner Releases 18557-17086 18558-17084 No Security Update 5.9.5.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18557-17086 18558-17084 CBL-Mariner Releases 2.0 2025-12-25T01:06:17 <p>Information published.</p> 3.0 2025-12-25T01:38:02 <p>Information published.</p> 4.0 2025-12-30T01:36:49 <p>Information published.</p> 5.0 2025-12-31T01:37:13 <p>Information published.</p> 1.0 2025-12-24T01:02:19 <p>Information published.</p> atm/fore200e: Fix possible data race in fore200e_open() Mariner Linux Yes CVE-2025-68339 20725-17084 20725-17084 Moderate 20725-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-24T01:04:29 <p>Information published.</p> 2.0 2026-01-07T14:41:07 <p>Information published.</p> can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data Mariner Linux Yes CVE-2025-68342 20725-17084 20725-17084 Moderate 20725-17084 5.8 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-24T01:04:45 <p>Information published.</p> 2.0 2026-01-07T14:41:13 <p>Information published.</p> team: Move team device type change at the end of team_port_add Mariner Linux Yes CVE-2025-68340 17087-17086 20725-17084 20788-17084 17087-17086 20725-17084 20788-17084 Moderate 17087-17086 Moderate 20725-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20725-17084 7.0 6.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U 20788-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-12-24T01:04:51 <p>Information published.</p> 2.0 2026-01-08T14:35:42 <p>Information published.</p> 3.0 2026-01-13T01:42:07 <p>Information published.</p> 4.0 2026-02-28T01:02:07 <p>Information published.</p> 5.0 2026-03-02T14:37:07 <p>Information published.</p> 6.0 2026-03-03T14:59:45 <p>Information published.</p> can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header Mariner Linux Yes CVE-2025-68343 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20725-17084 CBL-Mariner Releases 20725-17084 No Security Update 6.6.119.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20725-17084 CBL-Mariner Releases 1.0 2025-12-24T01:04:56 <p>Information published.</p> 2.0 2026-01-07T14:41:20 <p>Information published.</p> scsi: smartpqi: Fix device resources accessed after device removal Mariner Linux Yes CVE-2025-68371 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:02:46 <p>Information published.</p> 4.0 2026-01-20T14:39:54 <p>Information published.</p> 2.0 2025-12-26T14:35:51 <p>Information published.</p> 3.0 2026-01-08T14:35:57 <p>Information published.</p> 5.0 2026-02-18T02:17:01 <p>Information published.</p> NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Mariner Linux Yes CVE-2025-68349 20725-17084 20823-17084 20788-17084 20725-17084 20823-17084 20788-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20788-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:02:51 <p>Information published.</p> 5.0 2026-02-18T02:18:05 <p>Information published.</p> 2.0 2025-12-26T14:35:56 <p>Information published.</p> 3.0 2026-01-08T14:36:07 <p>Information published.</p> 4.0 2026-01-20T14:40:05 <p>Information published.</p> regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex Mariner Linux Yes CVE-2025-68354 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:02:57 <p>Information published.</p> 3.0 2026-01-08T14:36:19 <p>Information published.</p> 4.0 2026-01-20T14:40:15 <p>Information published.</p> 5.0 2026-02-18T02:19:05 <p>Information published.</p> 2.0 2025-12-26T14:36:01 <p>Information published.</p> wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() Mariner Linux Yes CVE-2025-68362 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:03:02 <p>Information published.</p> 3.0 2026-01-08T14:36:29 <p>Information published.</p> 4.0 2026-01-20T14:40:25 <p>Information published.</p> 5.0 2026-02-18T02:20:04 <p>Information published.</p> 2.0 2025-12-26T14:36:06 <p>Information published.</p> scsi: qla2xxx: Fix improper freeing of purex item Mariner Linux Yes CVE-2025-68741 20725-17084 20823-17084 20788-17084 20725-17084 20823-17084 20788-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:03:12 <p>Information published.</p> 3.0 2026-01-08T14:36:49 <p>Information published.</p> 4.0 2026-01-20T14:40:45 <p>Information published.</p> 2.0 2025-12-26T14:36:16 <p>Information published.</p> 5.0 2026-02-18T02:21:57 <p>Information published.</p> gpu: host1x: Fix race in syncpt alloc/free Mariner Linux Yes CVE-2025-68732 20725-17084 20823-17084 20788-17084 20725-17084 20823-17084 20788-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:03:18 <p>Information published.</p> 3.0 2026-01-08T14:37:00 <p>Information published.</p> 4.0 2026-01-20T14:40:55 <p>Information published.</p> 5.0 2026-02-18T02:22:51 <p>Information published.</p> 2.0 2025-12-26T14:36:21 <p>Information published.</p> af_unix: Fix null-ptr-deref in unix_stream_sendpage(). Mariner Linux Yes CVE-2023-54161 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 1.0 2025-12-25T01:03:23 <p>Information published.</p> 2.0 2025-12-26T14:36:26 <p>Information published.</p> ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events Mariner Linux Yes CVE-2025-68347 20725-17084 20823-17084 20788-17084 20725-17084 20823-17084 20788-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:04:00 <p>Information published.</p> 3.0 2026-01-08T14:38:12 <p>Information published.</p> 2.0 2025-12-26T14:37:00 <p>Information published.</p> 4.0 2026-01-20T14:41:45 <p>Information published.</p> 5.0 2026-02-18T02:27:52 <p>Information published.</p> ALSA: wavefront: Fix integer overflow in sample size validation Mariner Linux Yes CVE-2025-68344 20725-17084 20788-17084 20725-17084 20788-17084 Moderate 20725-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 20788-17084 1.0 2025-12-25T01:04:05 <p>Information published.</p> 3.0 2026-01-08T14:38:22 <p>Information published.</p> 4.0 2026-01-13T01:43:07 <p>Information published.</p> 2.0 2025-12-26T14:37:04 <p>Information published.</p> spi: tegra210-quad: Fix timeout handling Mariner Linux Yes CVE-2025-68746 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:04:11 <p>Information published.</p> 4.0 2026-01-20T14:41:56 <p>Information published.</p> 2.0 2025-12-26T14:37:09 <p>Information published.</p> 3.0 2026-01-08T14:38:32 <p>Information published.</p> 5.0 2026-02-18T02:29:02 <p>Information published.</p> gfs2: Prevent recursive memory reclaim Mariner Linux Yes CVE-2025-68356 20725-17084 20788-17084 20956-17084 21094-17084 21248-17084 20823-17084 20860-17084 21308-17084 20725-17084 20788-17084 20956-17084 21094-17084 21248-17084 20823-17084 20860-17084 21308-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 1.0 2025-12-25T01:04:16 <p>Information published.</p> 4.0 2026-01-20T14:42:08 <p>Information published.</p> 7.0 2026-03-31T15:02:20 <p>Information published.</p> 8.0 2026-04-29T14:55:21 <p>Information published.</p> 2.0 2025-12-26T14:37:14 <p>Information published.</p> 3.0 2026-01-08T14:38:42 <p>Information published.</p> 5.0 2026-02-18T02:29:44 <p>Information published.</p> 6.0 2026-03-04T14:46:26 <p>Information published.</p> 9.0 2026-05-06T14:47:17 <p>Information published.</p> bpf: Fix invalid prog->stats access when update_effective_progs fails Mariner Linux Yes CVE-2025-68742 20725-17084 20823-17084 20788-17084 20725-17084 20823-17084 20788-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:04:21 <p>Information published.</p> 3.0 2026-01-08T14:38:53 <p>Information published.</p> 4.0 2026-01-20T14:42:19 <p>Information published.</p> 5.0 2026-02-18T02:30:39 <p>Information published.</p> 2.0 2025-12-26T14:37:19 <p>Information published.</p> macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse Mariner Linux Yes CVE-2025-68367 20725-17084 20788-17084 20725-17084 20788-17084 Important 20725-17084 Important 20788-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 1.0 2025-12-25T01:04:26 <p>Information published.</p> 2.0 2025-12-26T14:37:24 <p>Information published.</p> 3.0 2026-01-08T01:40:06 <p>Information published.</p> 4.0 2026-01-08T14:39:03 <p>Information published.</p> fs/ntfs3: Initialize allocated memory before use Mariner Linux Yes CVE-2025-68365 20725-17084 17087-17086 20788-17084 20725-17084 17087-17086 20788-17084 Moderate 20725-17084 Moderate 17087-17086 Moderate 20788-17084 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 6.6 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 20788-17084 CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-12-25T01:04:31 <p>Information published.</p> 3.0 2026-01-08T14:39:12 <p>Information published.</p> 4.0 2026-01-13T01:43:20 <p>Information published.</p> 7.0 2026-03-03T15:00:23 <p>Information published.</p> 2.0 2025-12-26T14:37:29 <p>Information published.</p> 5.0 2026-02-28T01:02:18 <p>Information published.</p> 6.0 2026-03-02T14:37:18 <p>Information published.</p> bpf: Do not let BPF test infra emit invalid GSO types to stack Mariner Linux Yes CVE-2025-68725 20725-17084 20823-17084 20860-17084 20788-17084 17087-17086 20725-17084 20823-17084 20860-17084 20788-17084 17087-17086 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20788-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20860-17084 No Security Update 6.6.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20860-17084 CBL-Mariner Releases CBL-Mariner Releases 17087-17086 No Security Update 5.15.200.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17087-17086 CBL-Mariner Releases 1.0 2025-12-25T01:04:37 <p>Information published.</p> 4.0 2026-01-20T14:42:30 <p>Information published.</p> 5.0 2026-02-18T02:31:52 <p>Information published.</p> 6.0 2026-02-27T14:36:44 <p>Information published.</p> 7.0 2026-02-28T01:02:23 <p>Information published.</p> 9.0 2026-03-02T14:37:23 <p>Information published.</p> 10.0 2026-03-03T15:00:44 <p>Information published.</p> 2.0 2025-12-26T14:37:33 <p>Information published.</p> 3.0 2026-01-08T14:39:22 <p>Information published.</p> 8.0 2026-02-28T01:37:31 <p>Information published.</p> ntfs3: fix uninit memory after failed mi_read in mi_format_new Mariner Linux Yes CVE-2025-68728 20725-17084 20788-17084 20725-17084 20788-17084 Moderate 20725-17084 Moderate 20788-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 20725-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 20788-17084 1.0 2025-12-25T01:04:42 <p>Information published.</p> 4.0 2026-01-13T01:43:26 <p>Information published.</p> 2.0 2025-12-26T14:37:38 <p>Information published.</p> 3.0 2026-01-08T14:39:32 <p>Information published.</p> nbd: defer config put in recv_work Mariner Linux Yes CVE-2025-68372 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:04:47 <p>Information published.</p> 4.0 2026-01-20T14:42:40 <p>Information published.</p> 5.0 2026-02-18T02:32:55 <p>Information published.</p> 2.0 2025-12-26T14:37:43 <p>Information published.</p> 3.0 2026-01-08T14:39:42 <p>Information published.</p> btrfs: fix racy bitfield write in btrfs_clear_space_info_full() Mariner Linux Yes CVE-2025-68358 20725-17084 20788-17084 20860-17084 20925-17086 20823-17084 17087-17086 20725-17084 20788-17084 20860-17084 20925-17086 20823-17084 17087-17086 Moderate 20725-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 20823-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 20860-17084 No Security Update 6.6.126.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20860-17084 CBL-Mariner Releases CBL-Mariner Releases 20925-17086 No Security Update 5.15.202.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20925-17086 CBL-Mariner Releases 1.0 2025-12-25T01:04:52 <p>Information published.</p> 4.0 2026-01-20T14:42:51 <p>Information published.</p> 5.0 2026-02-18T02:33:30 <p>Information published.</p> 6.0 2026-02-27T14:36:50 <p>Information published.</p> 7.0 2026-02-28T01:02:13 <p>Information published.</p> 10.0 2026-03-03T15:00:02 <p>Information published.</p> 11.0 2026-03-31T01:37:52 <p>Information published.</p> 2.0 2025-12-26T14:37:48 <p>Information published.</p> 3.0 2026-01-08T14:39:53 <p>Information published.</p> 8.0 2026-02-28T01:37:37 <p>Information published.</p> 9.0 2026-03-02T14:37:12 <p>Information published.</p> af_unix: Fix null-ptr-deref in unix_stream_sendpage(). Mariner Linux Yes CVE-2023-54082 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 1.0 2025-12-25T01:04:58 <p>Information published.</p> 2.0 2025-12-26T14:37:53 <p>Information published.</p> bpf: Check skb->transport_header is set in bpf_skb_check_mtu Mariner Linux Yes CVE-2025-68363 20725-17084 20823-17084 20788-17084 20725-17084 20823-17084 20788-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:05:08 <p>Information published.</p> 3.0 2026-01-08T14:40:13 <p>Information published.</p> 4.0 2026-01-20T14:43:12 <p>Information published.</p> 5.0 2026-02-18T02:34:53 <p>Information published.</p> 2.0 2025-12-26T14:38:02 <p>Information published.</p> ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() Mariner Linux Yes CVE-2025-68364 20725-17084 20788-17084 20725-17084 20788-17084 Moderate 20725-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 1.0 2025-12-25T01:05:24 <p>Information published.</p> 2.0 2025-12-26T14:38:17 <p>Information published.</p> 3.0 2026-01-08T14:40:42 <p>Information published.</p> 4.0 2026-01-13T01:43:41 <p>Information published.</p> ntfs3: Fix uninit buffer allocated by __getname() Mariner Linux Yes CVE-2025-68727 20725-17084 20788-17084 20725-17084 20788-17084 Low 20725-17084 Low 20788-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 20725-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 20788-17084 1.0 2025-12-25T01:05:30 <p>Information published.</p> 3.0 2026-01-08T14:40:52 <p>Information published.</p> 4.0 2026-01-13T01:43:46 <p>Information published.</p> 2.0 2025-12-26T14:38:22 <p>Information published.</p> bpf: Fix stackmap overflow check in __bpf_get_stackid() Mariner Linux Yes CVE-2025-68378 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21308-17084 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21308-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 1.0 2025-12-25T01:05:35 <p>Information published.</p> 3.0 2026-01-08T14:41:02 <p>Information published.</p> 6.0 2026-03-04T14:46:33 <p>Information published.</p> 7.0 2026-03-31T15:02:43 <p>Information published.</p> 2.0 2025-12-26T14:38:26 <p>Information published.</p> 4.0 2026-01-20T14:43:33 <p>Information published.</p> 5.0 2026-02-18T02:36:53 <p>Information published.</p> 8.0 2026-04-29T14:55:32 <p>Information published.</p> 9.0 2026-05-06T14:47:25 <p>Information published.</p> coresight: ETR: Fix ETR buffer use-after-free issue Mariner Linux Yes CVE-2025-68376 20725-17084 20788-17084 20725-17084 20788-17084 Moderate 20725-17084 Moderate 20788-17084 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 20725-17084 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 20788-17084 1.0 2025-12-25T01:05:40 <p>Information published.</p> 4.0 2026-01-13T01:43:52 <p>Information published.</p> 2.0 2025-12-26T14:38:31 <p>Information published.</p> 3.0 2026-01-08T14:41:12 <p>Information published.</p> wifi: ath11k: fix peer HE MCS assignment Mariner Linux Yes CVE-2025-68380 20725-17084 20788-17084 20725-17084 20788-17084 Important 20725-17084 Important 20788-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20725-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20788-17084 1.0 2025-12-25T01:05:45 <p>Information published.</p> 3.0 2026-01-08T01:40:16 <p>Information published.</p> 2.0 2025-12-26T14:38:36 <p>Information published.</p> 4.0 2026-01-08T14:41:22 <p>Information published.</p> crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Mariner Linux Yes CVE-2025-68724 20725-17084 20788-17084 20823-17084 20725-17084 20788-17084 20823-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:05:51 <p>Information published.</p> 4.0 2026-01-20T14:43:44 <p>Information published.</p> 5.0 2026-02-18T02:38:05 <p>Information published.</p> 2.0 2025-12-26T14:38:41 <p>Information published.</p> 3.0 2026-01-08T14:41:32 <p>Information published.</p> md: fix rcu protection in md_wakeup_thread Mariner Linux Yes CVE-2025-68374 20725-17084 20788-17084 20823-17084 20956-17084 21094-17084 21248-17084 20860-17084 21308-17084 20725-17084 20788-17084 20823-17084 20956-17084 21094-17084 21248-17084 20860-17084 21308-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 20860-17084 Moderate 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 1.0 2025-12-25T01:05:56 <p>Information published.</p> 5.0 2026-02-18T02:38:35 <p>Information published.</p> 6.0 2026-03-04T14:46:41 <p>Information published.</p> 8.0 2026-04-29T14:55:44 <p>Information published.</p> 2.0 2025-12-26T14:38:46 <p>Information published.</p> 3.0 2026-01-08T14:41:42 <p>Information published.</p> 4.0 2026-01-20T14:43:55 <p>Information published.</p> 7.0 2026-03-31T15:03:08 <p>Information published.</p> 9.0 2026-05-06T14:47:34 <p>Information published.</p> smack: fix bug: unprivileged task can create labels Mariner Linux Yes CVE-2025-68733 20725-17084 20823-17084 20788-17084 20725-17084 20823-17084 20788-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 20788-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 1.0 2025-12-25T01:06:01 <p>Information published.</p> 3.0 2026-01-08T14:41:52 <p>Information published.</p> 4.0 2026-01-20T14:44:05 <p>Information published.</p> 5.0 2026-02-18T02:39:17 <p>Information published.</p> 2.0 2025-12-26T14:38:50 <p>Information published.</p> x86: fix clear_user_rep_good() exception handling annotation Mariner Linux Yes CVE-2023-54061 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 1.0 2025-12-25T01:06:07 <p>Information published.</p> 2.0 2025-12-26T14:38:55 <p>Information published.</p> MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability Mariner zdi Yes CVE-2025-13699 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) 19283-17084 20085-17086 19283-17084 20085-17086 Important 19283-17084 Important 20085-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 19283-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 20085-17086 CBL-Mariner Releases 19283-17084 No Security Update 10.11.15-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19283-17084 CBL-Mariner Releases CBL-Mariner Releases 20085-17086 No Security Update 10.6.24-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20085-17086 CBL-Mariner Releases 2.0 2025-12-27T01:36:47 <p>Information published.</p> 3.0 2025-12-30T01:37:07 <p>Information published.</p> 4.0 2026-01-03T01:36:02 <p>Information published.</p> 1.0 2025-12-27T01:01:16 <p>Information published.</p> Information Leak of Memory in getimagesize Mariner php Yes CVE-2025-14177 Out-of-bounds Read 20163-17084 20800-17084 19545-17086 20163-17084 20800-17084 19545-17086 Moderate 20163-17084 Moderate 20800-17084 Low 19545-17086 3.7 3.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P 19545-17086 CBL-Mariner Releases 19545-17086 No Security Update 8.1.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19545-17086 CBL-Mariner Releases 1.0 2025-12-29T01:01:24 <p>Information published.</p> 3.0 2025-12-31T01:02:15 <p>Information published.</p> 6.0 2026-02-18T02:41:55 <p>Information published.</p> 2.0 2025-12-29T14:35:58 <p>Information published.</p> 4.0 2026-01-03T01:36:13 <p>Information published.</p> 5.0 2026-01-08T14:42:25 <p>Information published.</p> Heap buffer overflow in array_merge() Mariner php Yes CVE-2025-14178 Out-of-bounds Write 20163-17084 19545-17086 20800-17084 20163-17084 19545-17086 20800-17084 Moderate 20163-17084 Moderate 19545-17086 Moderate 20800-17084 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 20163-17084 4.8 4.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U 19545-17086 6.5 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 20800-17084 CBL-Mariner Releases 19545-17086 No Security Update 8.1.34-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19545-17086 CBL-Mariner Releases 3.0 2025-12-31T01:02:10 <p>Information published.</p> 4.0 2026-01-03T01:36:22 <p>Information published.</p> 1.0 2025-12-29T01:01:29 <p>Information published.</p> 2.0 2025-12-29T14:36:03 <p>Information published.</p> 5.0 2026-01-08T14:42:35 <p>Information published.</p> 6.0 2026-02-18T02:42:39 <p>Information published.</p> In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.) Mariner mitre Yes CVE-2025-68973 Multiple Operations on Resource in Single-Operation Context 20333-17084 20331-17086 20333-17084 20331-17086 Important 20333-17084 Important 20331-17086 7.8 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P 20333-17084 7.8 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P 20331-17086 CBL-Mariner Releases 20333-17084 No Security Update 2.4.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20333-17084 CBL-Mariner Releases CBL-Mariner Releases 20331-17086 No Security Update 2.4.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20331-17086 CBL-Mariner Releases 1.0 2025-12-30T01:01:21 <p>Information published.</p> 2.0 2026-01-03T01:02:22 <p>Information published.</p> 3.0 2026-01-06T14:36:10 <p>Information published.</p> 4.0 2026-02-25T01:36:51 <p>Information published.</p> libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE Mariner VulnCheck Yes CVE-2025-34468 Stack-based Buffer Overflow 20773-17084 20924-17084 20773-17084 20924-17084 Important 20773-17084 Important 20924-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20773-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20924-17084 1.0 2026-01-03T01:01:22 <p>Information published.</p> 2.0 2026-01-08T01:40:21 <p>Information published.</p> 3.0 2026-02-21T04:00:03 <p>Information published.</p> OOBR and OOBW in pcap_ether_aton() in libpcap Mariner Tcpdump Yes CVE-2025-11961 Buffer Over-read 20217-17086 20881-17084 20882-17086 17643-17084 17642-17084 20213-17086 20944-17086 20217-17086 20881-17084 20882-17086 17643-17084 17642-17084 20213-17086 20944-17086 Low 20217-17086 Low 20881-17084 Low 20882-17086 Low 17643-17084 Low 17642-17084 Low 20213-17086 Low 20944-17086 1.9 1.8 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U 20217-17086 1.9 1.8 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U 20881-17084 1.9 1.8 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U 20882-17086 1.9 1.8 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U 17643-17084 1.9 1.8 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U 17642-17084 1.9 1.8 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U 20213-17086 1.9 1.8 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U 20944-17086 CBL-Mariner Releases 20881-17084 No Security Update 7.95-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20881-17084 CBL-Mariner Releases CBL-Mariner Releases 20882-17086 No Security Update 7.93-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20882-17086 CBL-Mariner Releases CBL-Mariner Releases 17643-17084 No Security Update 1.10.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17643-17084 CBL-Mariner Releases CBL-Mariner Releases 20213-17086 20944-17086 No Security Update 1.10.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20213-17086 20944-17086 CBL-Mariner Releases 2.0 2026-01-06T01:35:35 <p>Information published.</p> 3.0 2026-02-18T02:47:51 <p>Information published.</p> 5.0 2026-03-03T14:49:25 <p>Information published.</p> 1.0 2026-01-03T01:01:36 <p>Information published.</p> 4.0 2026-02-24T14:03:21 <p>Information published.</p> OOBW in utf_16le_to_utf_8_truncated() in libpcap Mariner Tcpdump Yes CVE-2025-11964 Out-of-bounds Write 17643-17084 20213-17086 17642-17084 20217-17086 17643-17084 20213-17086 17642-17084 20217-17086 Low 17643-17084 Low 20213-17086 Low 17642-17084 Low 20217-17086 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N 17643-17084 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N 20213-17086 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N 17642-17084 1.9 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N 20217-17086 CBL-Mariner Releases 17643-17084 No Security Update 1.10.6-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17643-17084 CBL-Mariner Releases 1.0 2026-01-03T01:01:49 <p>Information published.</p> 2.0 2026-01-06T01:35:42 <p>Information published.</p> libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. Mariner mitre Yes CVE-2025-69277 Incomplete List of Disallowed Inputs 20774-17084 20775-17086 20829-17084 20883-17086 20774-17084 20775-17086 20829-17084 20883-17086 Moderate 20774-17084 Moderate 20775-17086 Moderate 20829-17084 Moderate 20883-17086 4.5 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U 20774-17084 4.5 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U 20775-17086 4.5 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U 20829-17084 4.5 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U 20883-17086 CBL-Mariner Releases 20774-17084 20829-17084 No Security Update 1.0.19-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20774-17084 20829-17084 CBL-Mariner Releases CBL-Mariner Releases 20775-17086 20883-17086 No Security Update 1.0.18-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20775-17086 20883-17086 CBL-Mariner Releases 2.0 2026-01-09T14:35:57 <p>Information published.</p> 3.0 2026-01-13T01:36:15 <p>Information published.</p> 4.0 2026-01-20T14:44:57 <p>Information published.</p> 5.0 2026-02-18T02:48:42 <p>Information published.</p> 1.0 2026-01-03T01:01:58 <p>Information published.</p> arrayLimit bypass in bracket notation allows DoS via memory exhaustion Mariner harborist Yes CVE-2025-15284 Improper Input Validation 19693-17084 19712-17086 20776-17086 19693-17084 19712-17086 20776-17086 Important 19693-17084 Important 19712-17086 Important 20776-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20776-17086 1.0 2026-01-03T01:02:10 <p>Information published.</p> 2.0 2026-01-08T01:40:35 <p>Information published.</p> URI Credential Leakage Bypass over CVE-2025-27221 Mariner GitHub_M Yes CVE-2025-61594 Improper Removal of Sensitive Information Before Storage or Transfer 20631-17084 20392-17086 20884-17084 20885-17086 20631-17084 20392-17086 20884-17084 20885-17086 Low 20631-17084 Low 20392-17086 Low 20884-17084 Low 20885-17086 CBL-Mariner Releases 20392-17086 20885-17086 No Security Update 3.1.7-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20392-17086 20885-17086 CBL-Mariner Releases CBL-Mariner Releases 20884-17084 No Security Update 3.3.5-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20884-17084 CBL-Mariner Releases 2.0 2026-01-05T14:36:39 <p>Information published.</p> 3.0 2026-01-15T01:36:06 <p>Information published.</p> 4.0 2026-02-18T02:50:06 <p>Information published.</p> 1.0 2026-01-03T01:02:18 <p>Information published.</p> In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Mariner google_android Yes CVE-2025-48637 Integer Overflow or Wraparound 20808-17084 20921-17084 20809-17086 20808-17084 20921-17084 20809-17086 Important 20808-17084 Important 20921-17084 Important 20809-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20808-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20921-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20809-17086 2.0 2026-01-13T01:42:01 <p>Information published.</p> 3.0 2026-02-21T03:39:48 <p>Information published.</p> 1.0 2026-01-09T01:10:44 <p>Information published.</p> mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Mariner Linux Yes CVE-2025-68291 20823-17084 20788-17084 20823-17084 20788-17084 Moderate 20823-17084 Moderate 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 CBL-Mariner Releases 20823-17084 No Security Update 6.6.121.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20823-17084 CBL-Mariner Releases 2.0 2026-01-20T14:47:47 <p>Information published.</p> 3.0 2026-02-18T14:06:12 <p>Information published.</p> 1.0 2026-01-13T01:01:23 <p>Information published.</p> Capstone doesn't check Skipdata length, leading to cs_insn.bytes heap buffer overflow Mariner GitHub_M Yes CVE-2025-67873 Heap-based Buffer Overflow 20744-17084 20822-17084 20865-17084 20964-17084 20744-17084 20822-17084 20865-17084 20964-17084 Moderate 20744-17084 Moderate 20822-17084 Moderate 20865-17084 Moderate 20964-17084 4.8 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 20744-17084 4.8 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U 20822-17084 4.8 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U 20865-17084 4.8 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U 20964-17084 CBL-Mariner Releases 20865-17084 20964-17084 No Security Update 1.90.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20865-17084 20964-17084 CBL-Mariner Releases 3.0 2026-03-04T14:36:46 <p>Information published.</p> 1.0 2026-01-21T01:07:01 <p>Information published.</p> 2.0 2026-02-18T15:05:33 <p>Information published.</p> Mariner eclipse Yes CVE-2025-10543 Incorrect Conversion between Numeric Types 20520-17086 19343-17084 20739-17084 20770-17086 20782-17086 20079-17084 20385-17086 20798-17084 20797-17084 20520-17086 19343-17084 20739-17084 20770-17086 20782-17086 20079-17084 20385-17086 20798-17084 20797-17084 Moderate 20520-17086 Moderate 19343-17084 Moderate 20739-17084 Moderate 20770-17086 Moderate 20782-17086 Moderate 20079-17084 Moderate 20385-17086 Moderate 20798-17084 Moderate 20797-17084 CBL-Mariner Releases 20520-17086 No Security Update 2.6.1-26 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20520-17086 CBL-Mariner Releases CBL-Mariner Releases 20739-17084 20797-17084 No Security Update 1.31.0-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20739-17084 20797-17084 CBL-Mariner Releases CBL-Mariner Releases 20770-17086 No Security Update 2.6.1-27 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20770-17086 CBL-Mariner Releases CBL-Mariner Releases 20782-17086 20385-17086 No Security Update 1.29.4-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20782-17086 20385-17086 CBL-Mariner Releases CBL-Mariner Releases 20079-17084 20798-17084 No Security Update 2.7.5-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20079-17084 20798-17084 CBL-Mariner Releases 1.0 2025-12-05T01:04:08 <p>Information published.</p> 2.0 2025-12-07T01:42:27 <p>Information published.</p> 4.0 2025-12-19T01:36:13 <p>Information published.</p> 5.0 2026-01-03T01:39:42 <p>Information published.</p> 3.0 2025-12-12T01:38:23 <p>Information published.</p> 6.0 2026-01-08T14:41:52 <p>Information published.</p> Chromium: CVE-2025-14373 Inappropriate implementation in Toolbar <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.80</td> <td>12/11/2025</td> <td>143.0.7499.109/.110</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-14373 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.80 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-11T14:29:33 <p>Information published.</p> Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability <p>User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge for iOS Microsoft Yes CVE-2025-62223 User Interface (UI) Misrepresentation of Critical Information 11655 Spoofing 11655 Low 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 4.3 3.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://instagram.com/syarifsajjad">Syarif Muhammad Sajjad</a> 1.0 2025-12-04T00:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2025-62454 Heap-based Buffer Overflow 20437 20438 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20437 Important 20438 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072033 https://support.microsoft.com/help/5072033 20437 20438 12437 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5072014 https://support.microsoft.com/help/5072014 20437 20438 12437 12389 12390 12436 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 haowei yan(jingdong dawnslab) 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Resilient File System (ReFS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with access to a shared folder on a system using a Resilient File System (ReFS) volume could exploit this vulnerability by running a specially crafted operation against the folder.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Resilient File System (ReFS) Microsoft Yes CVE-2025-62456 Heap-based Buffer Overflow 20437 20438 11923 11924 12437 12242 12243 12244 12389 12390 12436 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12437 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Important 20437 Important 20438 Important 11923 Important 11924 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072033 https://support.microsoft.com/help/5072033 20437 20438 12437 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5072014 https://support.microsoft.com/help/5072014 20437 20438 12437 12389 12390 12436 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 <a href="https://twitter.com/thunderj17">Thunder_J</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p>Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2025-62457 Out-of-bounds Read 20437 20438 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20437 Important 20438 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072033 https://support.microsoft.com/help/5072033 20437 20438 12437 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5072014 https://support.microsoft.com/help/5072014 20437 20438 12437 12389 12390 12436 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 haowei yan(jingdong dawnslab) 1.0 2025-12-09T00:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K - GRFX Microsoft Yes CVE-2025-62458 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12242 12243 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071501 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071501 5068904 10051 10049 Yes Monthly Rollup 6.1.7601.28064 https://support.microsoft.com/help/5071501 10051 10049 5071501 5071501 https://support.microsoft.com/help/5071501 10051 10049 5071506 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071506 10051 10049 Yes Security Only 6.1.7601.28064 https://support.microsoft.com/help/5071506 10051 10049 5071506 5071505 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071505 5068907 10378 10379 Yes Monthly Rollup 6.2.9200.25815 https://support.microsoft.com/help/5071505 10378 10379 5071505 5071505 https://support.microsoft.com/help/5071505 10378 10379 5071503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071503 5068905 10483 10543 Yes Monthly Rollup 6.3.9600.22920 https://support.microsoft.com/help/5071503 10483 10543 5071503 5071503 https://support.microsoft.com/help/5071503 10483 10543 <a href="https://twitter.com/thezdi">Marcin Wiazowski working</a> with <a href="https://www.zerodayinitiative.com/">Trend Zero Day Initiative</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Client-Side Caching Elevation of Privilege Vulnerability <p>Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Client-Side Caching (CSC) Service Microsoft Yes CVE-2025-62466 NULL Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071504 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071504 5068906 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23666 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071504 5071504 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071507 9312 10287 9318 9344 Yes Security Only 6.0.6003.23666 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071507 5071507 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071501 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071501 5068904 10051 10049 Yes Monthly Rollup 6.1.7601.28064 https://support.microsoft.com/help/5071501 10051 10049 5071501 5071501 https://support.microsoft.com/help/5071501 10051 10049 5071506 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071506 10051 10049 Yes Security Only 6.1.7601.28064 https://support.microsoft.com/help/5071506 10051 10049 5071506 5071505 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071505 5068907 10378 10379 Yes Monthly Rollup 6.2.9200.25815 https://support.microsoft.com/help/5071505 10378 10379 5071505 5071505 https://support.microsoft.com/help/5071505 10378 10379 5071503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071503 5068905 10483 10543 Yes Monthly Rollup 6.3.9600.22920 https://support.microsoft.com/help/5071503 10483 10543 5071503 5071503 https://support.microsoft.com/help/5071503 10483 10543 <a href="https://twitter.com/ezrak1e">Ezrak1e</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Brokering File System Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Brokering File System Microsoft Yes CVE-2025-62469 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Double Free 12437 20437 20438 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 20437 Important 20438 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 hazard 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Common Log File System Driver Microsoft Yes CVE-2025-62470 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 20437 20438 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 20437 Elevation of Privilege 20438 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 20437 Important 20438 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 20437 20438 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 20437 20438 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071504 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071504 5068906 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23666 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071504 5071504 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071507 9312 10287 9318 9344 Yes Security Only 6.0.6003.23666 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071507 5071507 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071501 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071501 5068904 10051 10049 Yes Monthly Rollup 6.1.7601.28064 https://support.microsoft.com/help/5071501 10051 10049 5071501 5071501 https://support.microsoft.com/help/5071501 10051 10049 5071506 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071506 10051 10049 Yes Security Only 6.1.7601.28064 https://support.microsoft.com/help/5071506 10051 10049 5071506 5071505 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071505 5068907 10378 10379 Yes Monthly Rollup 6.2.9200.25815 https://support.microsoft.com/help/5071505 10378 10379 5071505 5071505 https://support.microsoft.com/help/5071505 10378 10379 5071503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071503 5068905 10483 10543 Yes Monthly Rollup 6.3.9600.22920 https://support.microsoft.com/help/5071503 10483 10543 5071503 5071503 https://support.microsoft.com/help/5071503 10483 10543 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 haowei yan(jingdong dawnslab) <a href="https://x.com/x0rb1ts">0rb1t</a> with None 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Remote Access Connection Manager Elevation of Privilege Vulnerability <p>Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Remote Access Connection Manager Microsoft Yes CVE-2025-62472 Use of Uninitialized Resource Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071504 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071504 5068906 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23666 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071504 5071504 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071507 9312 10287 9318 9344 Yes Security Only 6.0.6003.23666 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071507 5071507 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071501 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071501 5068904 10051 10049 Yes Monthly Rollup 6.1.7601.28064 https://support.microsoft.com/help/5071501 10051 10049 5071501 5071501 https://support.microsoft.com/help/5071501 10051 10049 5071506 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071506 10051 10049 Yes Security Only 6.1.7601.28064 https://support.microsoft.com/help/5071506 10051 10049 5071506 5071505 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071505 5068907 10378 10379 Yes Monthly Rollup 6.2.9200.25815 https://support.microsoft.com/help/5071505 10378 10379 5071505 5071505 https://support.microsoft.com/help/5071505 10378 10379 5071503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071503 5068905 10483 10543 Yes Monthly Rollup 6.3.9600.22920 https://support.microsoft.com/help/5071503 10483 10543 5071503 5071503 https://support.microsoft.com/help/5071503 10483 10543 anonymous 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p>Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-62473 Buffer Over-read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071504 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071504 5068906 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23666 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071504 5071504 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071507 9312 10287 9318 9344 Yes Security Only 6.0.6003.23666 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071507 5071507 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071501 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071501 5068904 10051 10049 Yes Monthly Rollup 6.1.7601.28064 https://support.microsoft.com/help/5071501 10051 10049 5071501 5071501 https://support.microsoft.com/help/5071501 10051 10049 5071506 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071506 10051 10049 Yes Security Only 6.1.7601.28064 https://support.microsoft.com/help/5071506 10051 10049 5071506 5071505 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071505 5068907 10378 10379 Yes Monthly Rollup 6.2.9200.25815 https://support.microsoft.com/help/5071505 10378 10379 5071505 5071505 https://support.microsoft.com/help/5071505 10378 10379 5071503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071503 5068905 10483 10543 Yes Monthly Rollup 6.3.9600.22920 https://support.microsoft.com/help/5071503 10483 10543 5071503 5071503 https://support.microsoft.com/help/5071503 10483 10543 Anonymous 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-62549 Untrusted Pointer Dereference 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071504 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071504 5068906 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23666 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071504 5071504 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071507 9312 10287 9318 9344 Yes Security Only 6.0.6003.23666 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071507 5071507 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071501 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071501 5068904 10051 10049 Yes Monthly Rollup 6.1.7601.28064 https://support.microsoft.com/help/5071501 10051 10049 5071501 5071501 https://support.microsoft.com/help/5071501 10051 10049 5071506 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071506 10051 10049 Yes Security Only 6.1.7601.28064 https://support.microsoft.com/help/5071506 10051 10049 5071506 5071505 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071505 5068907 10378 10379 Yes Monthly Rollup 6.2.9200.25815 https://support.microsoft.com/help/5071505 10378 10379 5071505 5071505 https://support.microsoft.com/help/5071505 10378 10379 5071503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071503 5068905 10483 10543 Yes Monthly Rollup 6.3.9600.22920 https://support.microsoft.com/help/5071503 10483 10543 5071503 5071503 https://support.microsoft.com/help/5071503 10483 10543 Anonymous 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of December 16, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Excel Microsoft Yes CVE-2025-62561 Untrusted Pointer Dereference 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002817 https://www.microsoft.com/en-us/download/details.aspx?id=108483 5002801 10836 Maybe Security Update 16.0.10417.20075 https://support.microsoft.com/help/5002817 10836 5002817 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.104.25121423 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002820 https://www.microsoft.com/en-us/download/details.aspx?id=108491 5002811 10739 10740 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002820 10739 10740 5002820 5002818 https://www.microsoft.com/en-us/download/details.aspx?id=108490 5002810 10739 10740 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002818 10739 10740 5002818 <a href="https://twitter.com/edwardzpeng">wh1tc in Kunlun lab &amp; devoke &amp; Zhiniang Peng</a> with HUST 1.0 2025-12-09T00:00:00 <p>Information published.</p> 2.0 2025-12-17T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Outlook Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of December 16, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious email and convince them to reply to it.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Outlook Microsoft Yes CVE-2025-62562 Use After Free 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10746 10747 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 5002821 https://www.microsoft.com/en-us/download/details.aspx?id=108485 5002805 10950 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002821 10950 5002821 5002804 https://www.microsoft.com/en-us/download/details.aspx?id=108489 5002787 10950 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002804 10950 5002804 5002816 https://www.microsoft.com/en-us/download/details.aspx?id=108486 5002803 11585 Maybe Security Update 16.0.10417.20075 https://support.microsoft.com/help/5002816 11585 5002816 5002802 https://www.microsoft.com/en-us/download/details.aspx?id=108488 5002798 11585 Maybe Security Update 16.0.10417.20075 https://support.microsoft.com/help/5002802 11585 5002802 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.104.25121423 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002806 https://www.microsoft.com/en-us/download/details.aspx?id=108492 5002789 10746 10747 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002806 10746 10747 5002806 Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> 1.1 2025-12-09T00:00:00 <p>Corrected severity entries in the Affected Products table. This is an informational change only. Customers who have successfully installed the update do not need to take any further action.</p> 2.0 2025-12-17T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of December 16, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Excel Microsoft Yes CVE-2025-62563 Use After Free 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002817 https://www.microsoft.com/en-us/download/details.aspx?id=108483 5002801 10836 Maybe Security Update 16.0.10417.20075 https://support.microsoft.com/help/5002817 10836 5002817 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002820 https://www.microsoft.com/en-us/download/details.aspx?id=108491 5002811 10739 10740 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002820 10739 10740 5002820 5002818 https://www.microsoft.com/en-us/download/details.aspx?id=108490 5002810 10739 10740 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002818 10739 10740 5002818 <a href="https://x.com/dnpushme">f4 &amp; Zhiniang Peng with HUST</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of December 16, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Excel Microsoft Yes CVE-2025-62564 Out-of-bounds Read 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002817 https://www.microsoft.com/en-us/download/details.aspx?id=108483 5002801 10836 Maybe Security Update 16.0.10417.20075 https://support.microsoft.com/help/5002817 10836 5002817 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.104.25121423 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002820 https://www.microsoft.com/en-us/download/details.aspx?id=108491 5002811 10739 10740 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002820 10739 10740 5002820 <a href="https://twitter.com/edwardzpeng">wh1tc in Kunlun lab &amp; devoke &amp; Zhiniang Peng</a> with HUST 1.0 2025-12-09T00:00:00 <p>Information published.</p> 2.0 2025-12-17T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Windows Installer Elevation of Privilege Vulnerability <p>Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Installer Microsoft Yes CVE-2025-62571 Improper Input Validation 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071504 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071504 5068906 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23666 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071504 5071504 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071507 9312 10287 9318 9344 Yes Security Only 6.0.6003.23666 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071507 5071507 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071501 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071501 5068904 10051 10049 Yes Monthly Rollup 6.1.7601.28064 https://support.microsoft.com/help/5071501 10051 10049 5071501 5071501 https://support.microsoft.com/help/5071501 10051 10049 5071506 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071506 10051 10049 Yes Security Only 6.1.7601.28064 https://support.microsoft.com/help/5071506 10051 10049 5071506 5071505 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071505 5068907 10378 10379 Yes Monthly Rollup 6.2.9200.25815 https://support.microsoft.com/help/5071505 10378 10379 5071505 5071505 https://support.microsoft.com/help/5071505 10378 10379 5071503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071503 5068905 10483 10543 Yes Monthly Rollup 6.3.9600.22920 https://support.microsoft.com/help/5071503 10483 10543 5071503 5071503 https://support.microsoft.com/help/5071503 10483 10543 <a href="https://infosec.exchange/@jagotu">JaGoTu</a> with <a href="https://www.dcit.cz/">DCIT, a.s.</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Application Information Service Elevation of Privilege Vulnerability <p>Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>A successful exploitation of this vulnerability causes a privilege escalation from <code> Medium</code> to <code> NT AUTHORITY\SYSTEM</code>.</p> Application Information Services Microsoft Yes CVE-2025-62572 Out-of-bounds Read 12437 20437 20438 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 20437 Important 20438 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 Pwnforr777 1.0 2025-12-09T00:00:00 <p>Information published.</p> DirectX Graphics Kernel Elevation of Privilege Vulnerability <p>Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DirectX Microsoft Yes CVE-2025-62573 Use After Free Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 cyanbamboo and b2ahex 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows File Explorer Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>For an attacker to exploit this vulnerability, they would need to have knowledge of a specific operation that triggers a memory allocation failure, specifically a use after free.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious file and convince the user to open it.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> Windows Shell Microsoft Yes CVE-2025-64658 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 Taeω02 Anonymous 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Exchange Server Spoofing Vulnerability <p>User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker could spoof incorrect <strong>5322.From</strong> email address that is displayed to a user.</p> <p><strong>Why are update links missing for some Exchange products?</strong></p> <p>For <em><strong>Exchange Server 2016 and 2019</strong></em>, update links are not provided because these versions are out of support and security updates are only available through the <strong>Extended Security Update (ESU) program</strong>.</p> <p>Customers enrolled in ESU can access the December 2025 and future updates, while those not enrolled should migrate to Exchange Server Subscription Edition (SE) to continue receiving security updates. If you have purchased ESU and need assistance accessing updates, contact Microsoft at **ExchangeandSfBServerESUInquiry@service.microsoft.com. **</p> <p>For more details, see the official <a href="http://techcommunity.microsoft.com/blog/exchange/released-december-2025-exchange-server-security-updates/4474949">blog post</a>.</p> Microsoft Exchange Server Microsoft Yes CVE-2025-64667 User Interface (UI) Misrepresentation of Critical Information 16792 12039 12502 12293 Spoofing 16792 Spoofing 12039 Spoofing 12502 Spoofing 12293 Important 16792 Important 12039 Important 12502 Important 12293 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 16792 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12039 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12502 5.3 4.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 12293 5071876 http://www.microsoft.com/en-us/download/details.aspx?id=108493 16792 Yes Security Update 15.02.2562.035 https://support.microsoft.com/help/5071876 16792 5071876 5071873 12039 Yes Security Update 15.01.2507.063 https://support.microsoft.com/help/5071873 12039 5071873 5071875 12502 Yes Security Update 15.02.1748.042 https://support.microsoft.com/help/5071875 12502 5071875 5071874 12293 Yes Security Update 15.02.1544.037 https://support.microsoft.com/help/5071874 12293 5071874 Tushar Maroo with Microsoft 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Exchange Server Elevation of Privilege Vulnerability <p>Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>Why are update links missing for some Exchange products?</strong></p> <p>For <em><strong>Exchange Server 2016 and 2019</strong></em>, update links are not provided because these versions are out of support and security updates are only available through the <strong>Extended Security Update (ESU) program</strong>.</p> <p>Customers enrolled in ESU can access the December 2025 and future updates, while those not enrolled should migrate to Exchange Server Subscription Edition (SE) to continue receiving security updates. If you have purchased ESU and need assistance accessing updates, contact Microsoft at **ExchangeandSfBServerESUInquiry@service.microsoft.com. **</p> <p>For more details, see the official <a href="http://techcommunity.microsoft.com/blog/exchange/released-december-2025-exchange-server-security-updates/4474949">blog post</a>.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Microsoft Exchange Server Microsoft Yes CVE-2025-64666 Improper Input Validation 12502 12039 16792 12293 Elevation of Privilege 12502 Elevation of Privilege 12039 Elevation of Privilege 16792 Elevation of Privilege 12293 Important 12502 Important 12039 Important 16792 Important 12293 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12502 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12039 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 16792 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12293 5071875 12502 Yes Security Update 15.02.1748.042 https://support.microsoft.com/help/5071875 12502 5071875 5071873 12039 Yes Security Update 15.01.2507.063 https://support.microsoft.com/help/5071873 12039 5071873 5071876 http://www.microsoft.com/en-us/download/details.aspx?id=108493 16792 Yes Security Update 15.02.2562.035 https://support.microsoft.com/help/5071876 16792 5071876 5071874 12293 Yes Security Update 15.02.1544.037 https://support.microsoft.com/help/5071874 12293 5071874 National Security Agency 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows DirectX Information Disclosure Vulnerability <p>Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.</p> Microsoft Graphics Component Microsoft Yes CVE-2025-64670 Exposure of Sensitive Information to an Unauthorized Actor 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 cyanbamboo and b2ahex 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Storage VSP Driver Elevation of Privilege Vulnerability <p>Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Storvsp.sys Driver Microsoft Yes CVE-2025-64673 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Chromium: CVE-2025-13640 Inappropriate implementation in Passwords <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-13640 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-04T09:14:26 <p>Information published.</p> Chromium: CVE-2025-13639 Inappropriate implementation in WebRTC <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-13639 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-04T09:14:25 <p>Information published.</p> Chromium: CVE-2025-13638 Use after free in Media Stream <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-13638 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-04T09:14:24 <p>Information published.</p> Chromium: CVE-2025-13637 Inappropriate implementation in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-13637 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-04T09:14:23 <p>Information published.</p> Chromium: CVE-2025-13636 Inappropriate implementation in Split View <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-13636 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-04T09:14:22 <p>Information published.</p> Chromium: CVE-2025-13635 Inappropriate implementation in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-13635 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-04T09:14:21 <p>Information published.</p> Chromium: CVE-2025-13720 Bad cast in Loader <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-13720 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-04T09:14:20 <p>Information published.</p> Chromium: CVE-2025-13721 Race in v8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-13721 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-04T09:14:20 <p>Information published.</p> Chromium: CVE-2025-13634 Inappropriate implementation in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-13634 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-04T09:14:19 <p>Information published.</p> Chromium: CVE-2025-13633 Use after free in Digital Credentials <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-13633 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-04T09:14:18 <p>Information published.</p> Chromium: CVE-2025-13632 Inappropriate implementation in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-13632 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-04T09:14:17 <p>Information published.</p> Chromium: CVE-2025-13631 Inappropriate implementation in Google Updater <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-13631 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-04T09:14:16 <p>Information published.</p> Chromium: CVE-2025-13630 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.66</td> <td>12/04/2025</td> <td>143.0.7499.40/.41</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-13630 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.66 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-04T09:14:13 <p>Information published.</p> Chromium: CVE-2025-14174 Out of bounds memory access in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information. Google is aware that an exploit for CVE-2025-14174 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.80</td> <td>12/11/2025</td> <td>143.0.7499.109/.110</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-14174 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.80 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-15T00:00:00 <p>Information published.</p> Chromium: CVE-2025-14766 Use after free in WebGPU <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.96</td> <td>12/18/2025</td> <td>143.0.7499.146/.147</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-14766 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.96 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-18T12:43:23 <p>Information published.</p> Windows Storage VSP Driver Elevation of Privilege Vulnerability <p>Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Storage VSP Driver Microsoft Yes CVE-2025-59516 Missing Authentication for Critical Function External Control of File Name or Path 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Storage VSP Driver Elevation of Privilege Vulnerability <p>Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Storage VSP Driver Microsoft Yes CVE-2025-59517 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 <a href="https://twitter.com/ezrak1e">Ezrak1e</a> <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> <a href="https://twitter.com/ezrak1e">Ezrak1e</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability <p>Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Message Queuing Microsoft Yes CVE-2025-62455 Improper Input Validation 11568 11569 11571 11572 11929 11930 11931 12097 12098 12099 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071504 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071504 5068906 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23666 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071504 5071504 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071507 9312 10287 9318 9344 Yes Security Only 6.0.6003.23666 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071507 5071507 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071501 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071501 5068904 10051 10049 Yes Monthly Rollup 6.1.7601.28064 https://support.microsoft.com/help/5071501 10051 10049 5071501 5071501 https://support.microsoft.com/help/5071501 10051 10049 5071506 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071506 10051 10049 Yes Security Only 6.1.7601.28064 https://support.microsoft.com/help/5071506 10051 10049 5071506 5071505 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071505 5068907 10378 10379 Yes Monthly Rollup 6.2.9200.25815 https://support.microsoft.com/help/5071505 10378 10379 5071505 5071505 https://support.microsoft.com/help/5071505 10378 10379 5071503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071503 5068905 10483 10543 Yes Monthly Rollup 6.3.9600.22920 https://support.microsoft.com/help/5071503 10483 10543 5071503 5071503 https://support.microsoft.com/help/5071503 10483 10543 <a href="https://x.com/t0zhang">T0</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Projected File System Elevation of Privilege Vulnerability <p>Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Projected File System Filter Driver Microsoft Yes CVE-2025-62461 Buffer Over-read 20437 20438 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20437 Important 20438 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072033 https://support.microsoft.com/help/5072033 20437 20438 12437 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5072014 https://support.microsoft.com/help/5072014 20437 20438 12437 12389 12390 12436 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 ChenJian with Sea Security Orca Team 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Projected File System Elevation of Privilege Vulnerability <p>Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Projected File System Microsoft Yes CVE-2025-62462 Buffer Over-read 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 20437 20438 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 20437 Elevation of Privilege 20438 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 20437 Important 20438 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 20437 20438 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 20437 20438 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 ChenJian with Sea Security Orca Team 1.0 2025-12-09T00:00:00 <p>Information published.</p> DirectX Graphics Kernel Denial of Service Vulnerability <p>Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.</p> Windows DirectX Microsoft Yes CVE-2025-62463 NULL Pointer Dereference 11923 11924 11931 12097 12437 20437 20438 12242 12243 12244 12389 12390 12436 Denial of Service 11923 Denial of Service 11924 Denial of Service 11931 Denial of Service 12097 Denial of Service 12437 Denial of Service 20437 Denial of Service 20438 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Important 11923 Important 11924 Important 11931 Important 12097 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11931 12097 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 cyanbamboo and b2ahex 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Projected File System Elevation of Privilege Vulnerability <p>Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Projected File System Microsoft Yes CVE-2025-62464 Buffer Over-read 20437 20438 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20437 Important 20438 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072033 https://support.microsoft.com/help/5072033 20437 20438 12437 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5072014 https://support.microsoft.com/help/5072014 20437 20438 12437 12389 12390 12436 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 ChenJian with Sea Security Orca Team 1.0 2025-12-09T00:00:00 <p>Information published.</p> DirectX Graphics Kernel Denial of Service Vulnerability <p>Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.</p> Windows DirectX Microsoft Yes CVE-2025-62465 NULL Pointer Dereference 11923 11924 12437 20437 20438 12242 12243 12244 12389 12390 12436 Denial of Service 11923 Denial of Service 11924 Denial of Service 12437 Denial of Service 20437 Denial of Service 20438 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Important 11923 Important 11924 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 6.5 5.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 cyanbamboo and b2ahex 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Projected File System Elevation of Privilege Vulnerability <p>Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Projected File System Microsoft Yes CVE-2025-55233 Out-of-bounds Read 20437 20438 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20437 Important 20438 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072033 https://support.microsoft.com/help/5072033 20437 20438 12437 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5072014 https://support.microsoft.com/help/5072014 20437 20438 12437 12389 12390 12436 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 ChenJian with Sea Security Orca Team 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Projected File System Elevation of Privilege Vulnerability <p>Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Projected File System Microsoft Yes CVE-2025-62467 Integer Overflow or Wraparound Buffer Over-read 20437 20438 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 12242 12243 12244 12389 12390 12436 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 20437 Important 20438 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072033 https://support.microsoft.com/help/5072033 20437 20438 12437 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5072014 https://support.microsoft.com/help/5072014 20437 20438 12437 12389 12390 12436 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 ChenJian with Sea Security Orca Team 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Defender Firewall Service Information Disclosure Vulnerability <p>Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read portions of data segment of the module.</p> Windows Defender Firewall Service Microsoft Yes CVE-2025-62468 Out-of-bounds Read 12437 20437 20438 12242 12243 12244 12389 12390 12436 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20437 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 20438 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> 1.1 2025-12-12T00:00:00 <p>Corrected CVSS Privileges metric to PR:L, corrected Exploitability assessment to Expoitation More Likely, and updated FAQs. These are informational changes only.</p> Windows Remote Access Connection Manager Elevation of Privilege Vulnerability <p>Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Remote Access Connection Manager Microsoft Yes CVE-2025-62474 Improper Access Control 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071501 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071501 5068904 10051 10049 Yes Monthly Rollup 6.1.7601.28064 https://support.microsoft.com/help/5071501 10051 10049 5071501 5071501 https://support.microsoft.com/help/5071501 10051 10049 5071506 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071506 10051 10049 Yes Security Only 6.1.7601.28064 https://support.microsoft.com/help/5071506 10051 10049 5071506 5071505 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071505 5068907 10378 10379 Yes Monthly Rollup 6.2.9200.25815 https://support.microsoft.com/help/5071505 10378 10379 5071505 5071505 https://support.microsoft.com/help/5071505 10378 10379 5071503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071503 5068905 10483 10543 Yes Monthly Rollup 6.3.9600.22920 https://support.microsoft.com/help/5071503 10483 10543 5071503 5071503 https://support.microsoft.com/help/5071503 10483 10543 Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC) 1.0 2025-12-09T00:00:00 <p>Information published.</p> Azure Monitor Agent Remote Code Execution Vulnerability <p>Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker with local network access to an Azure Linux Virtual Machine running Azure Monitor could exploit a heap overflow to escalate privileges to the syslog user, enabling execution of arbitrary commands.</p> Azure Monitor Agent Microsoft Yes CVE-2025-62550 Out-of-bounds Write Incorrect Calculation of Buffer Size 12331 Remote Code Execution 12331 Important 12331 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12331 Release Notes https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal 12331 No Security Update 1.35.9 https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-extension-versions 12331 Release Notes P1hcn 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Access Remote Code Execution Vulnerability <p>Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> Microsoft Office Access Microsoft Yes CVE-2025-62552 Relative Path Traversal 11573 11574 11762 11763 11952 11953 12420 12421 10751 10752 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 10751 Remote Code Execution 10752 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 12420 Important 12421 Important 10751 Important 10752 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10751 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10752 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002812 https://www.microsoft.com/en-us/download/details.aspx?id=108487 5002719 10751 10752 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002812 10751 10752 5002812 <a href="https://erpaciocco.github.io/">ErPaciocco</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Excel Microsoft Yes CVE-2025-62553 Use After Free 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run 5002820 https://www.microsoft.com/en-us/download/details.aspx?id=108491 5002811 10739 10740 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002820 10739 10740 5002820 5002818 https://www.microsoft.com/en-us/download/details.aspx?id=108490 5002810 10739 10740 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002818 10739 10740 5002818 Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Office Remote Code Execution Vulnerability <p>Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim's machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N).</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of December 16, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Microsoft Yes CVE-2025-62554 Access of Resource Using Incompatible Type ('Type Confusion') 12421 11574 12155 11951 12440 10753 10754 11953 11952 12420 11762 11763 11573 Remote Code Execution 12421 Remote Code Execution 11574 Remote Code Execution 12155 Remote Code Execution 11951 Remote Code Execution 12440 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 11953 Remote Code Execution 11952 Remote Code Execution 12420 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11573 Critical 12421 Critical 11574 Critical 12155 Critical 11951 Critical 12440 Critical 10753 Critical 10754 Critical 11953 Critical 11952 Critical 12420 Critical 11762 Critical 11763 Critical 11573 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 Click to Run 12421 11574 11953 11952 12420 11762 11763 11573 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 12421 11574 11953 11952 12420 11762 11763 11573 Click to Run Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.19530.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.104.25121423 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002819 https://www.microsoft.com/en-us/download/details.aspx?id=108482 5002809 10753 10754 Maybe Security Update 16.0.5530.1001 https://support.microsoft.com/help/5002819 10753 10754 5002819 2.0 2025-12-17T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of December 16, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Word Microsoft Yes CVE-2025-62555 Use After Free 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10746 10747 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 5002821 https://www.microsoft.com/en-us/download/details.aspx?id=108485 5002805 10950 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002821 10950 5002821 5002804 https://www.microsoft.com/en-us/download/details.aspx?id=108489 5002787 10950 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002804 10950 5002804 5002816 https://www.microsoft.com/en-us/download/details.aspx?id=108486 5002803 11585 Maybe Security Update 16.0.10417.20075 https://support.microsoft.com/help/5002816 11585 5002816 5002802 https://www.microsoft.com/en-us/download/details.aspx?id=108488 5002798 11585 Maybe Security Update 16.0.10417.20075 https://support.microsoft.com/help/5002802 11585 5002802 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.104.25121423 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002806 https://www.microsoft.com/en-us/download/details.aspx?id=108492 5002789 10746 10747 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002806 10746 10747 5002806 Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a> 2.0 2025-12-17T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of December 16, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Excel Microsoft Yes CVE-2025-62556 Untrusted Pointer Dereference 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002817 https://www.microsoft.com/en-us/download/details.aspx?id=108483 5002801 10836 Maybe Security Update 16.0.10417.20075 https://support.microsoft.com/help/5002817 10836 5002817 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.104.25121423 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002820 https://www.microsoft.com/en-us/download/details.aspx?id=108491 5002811 10739 10740 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002820 10739 10740 5002820 <a href="https://twitter.com/edwardzpeng">wh1tc in Kunlun lab &amp; devoke &amp; Zhiniang Peng</a> with HUST 1.0 2025-12-09T00:00:00 <p>Information published.</p> 2.0 2025-12-17T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Office Remote Code Execution Vulnerability <p>Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim's machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N).</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of December 16, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> Microsoft Office Microsoft Yes CVE-2025-62557 Use After Free 12420 12421 11763 10753 10754 11573 11574 11953 11952 11762 12155 12440 11951 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 11763 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11953 Remote Code Execution 11952 Remote Code Execution 11762 Remote Code Execution 12155 Remote Code Execution 12440 Remote Code Execution 11951 Critical 12420 Critical 12421 Critical 11763 Critical 10753 Critical 10754 Critical 11573 Critical 11574 Critical 11953 Critical 11952 Critical 11762 Critical 12155 Critical 12440 Critical 11951 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12155 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 Click to Run 12420 12421 11763 11573 11574 11953 11952 11762 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 12420 12421 11763 11573 11574 11953 11952 11762 Click to Run 5002819 https://www.microsoft.com/en-us/download/details.aspx?id=108482 5002809 10753 10754 Maybe Security Update 16.0.5530.1001 https://support.microsoft.com/help/5002819 10753 10754 5002819 Release Notes https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow 12155 Maybe Security Update 16.0.19530.20000 https://support.google.com/googleplay/answer/113412?hl=en 12155 Release Notes Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 12440 11951 Maybe Security Update 16.104.25121423 https://go.microsoft.com/fwlink/p/?linkid=831049 12440 11951 Release Notes Li Shuang, willJ and Guang Gong with Vulnerability Research Institute 2.0 2025-12-17T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Word Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of December 16, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Word Microsoft Yes CVE-2025-62558 Use After Free 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10746 10747 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 5002821 https://www.microsoft.com/en-us/download/details.aspx?id=108485 5002805 10950 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002821 10950 5002821 5002804 https://www.microsoft.com/en-us/download/details.aspx?id=108489 5002787 10950 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002804 10950 5002804 5002816 https://www.microsoft.com/en-us/download/details.aspx?id=108486 5002803 11585 Maybe Security Update 16.0.10417.20075 https://support.microsoft.com/help/5002816 11585 5002816 5002802 https://www.microsoft.com/en-us/download/details.aspx?id=108488 5002798 11585 Maybe Security Update 16.0.10417.20075 https://support.microsoft.com/help/5002802 11585 5002802 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.104.25121423 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002806 https://www.microsoft.com/en-us/download/details.aspx?id=108492 5002789 10746 10747 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002806 10746 10747 5002806 Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> 2.0 2025-12-17T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Word Remote Code Execution Vulnerability <p>Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of December 16, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Word Microsoft Yes CVE-2025-62559 Use After Free 10950 11585 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10746 10747 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10746 Remote Code Execution 10747 Important 10950 Important 11585 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10746 Important 10747 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10746 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10747 5002821 https://www.microsoft.com/en-us/download/details.aspx?id=108485 5002805 10950 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002821 10950 5002821 5002804 https://www.microsoft.com/en-us/download/details.aspx?id=108489 5002787 10950 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002804 10950 5002804 5002816 https://www.microsoft.com/en-us/download/details.aspx?id=108486 5002803 11585 Maybe Security Update 16.0.10417.20075 https://support.microsoft.com/help/5002816 11585 5002816 5002802 https://www.microsoft.com/en-us/download/details.aspx?id=108488 5002798 11585 Maybe Security Update 16.0.10417.20075 https://support.microsoft.com/help/5002802 11585 5002802 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.104.25121423 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002806 https://www.microsoft.com/en-us/download/details.aspx?id=108492 5002789 10746 10747 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002806 10746 10747 5002806 Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a> wh1tc@Kunlun lab&amp; devoke &amp; Zhiniang Peng with HUST 1.0 2025-12-09T00:00:00 <p>Information published.</p> 2.0 2025-12-17T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Microsoft Excel Remote Code Execution Vulnerability <p>Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send a user a malicious Office file and convince them to open it.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>Are the updates for the Microsoft Office LTSC for Mac currently available?</strong></p> <p>The security update for Microsoft Office LTSC for Mac 2021 and 2024 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.</p> <p><strong>Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?</strong></p> <p>Yes. As of December 16, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.</p> Microsoft Office Excel Microsoft Yes CVE-2025-62560 Untrusted Pointer Dereference Buffer Over-read 10836 11573 11574 11762 11763 11951 11952 11953 12420 12421 12440 10739 10740 Remote Code Execution 10836 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 12420 Remote Code Execution 12421 Remote Code Execution 12440 Remote Code Execution 10739 Remote Code Execution 10740 Important 10836 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 12420 Important 12421 Important 12440 Important 10739 Important 10740 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10836 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12420 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12421 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12440 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10739 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10740 5002817 https://www.microsoft.com/en-us/download/details.aspx?id=108483 5002801 10836 Maybe Security Update 16.0.10417.20075 https://support.microsoft.com/help/5002817 10836 5002817 Click to Run 11573 11574 11762 11763 11952 11953 12420 12421 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 12420 12421 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Maybe Security Update 16.104.25121423 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 12440 Release Notes 5002820 https://www.microsoft.com/en-us/download/details.aspx?id=108491 5002811 10739 10740 Maybe Security Update 16.0.5530.1000 https://support.microsoft.com/help/5002820 10739 10740 5002820 1.0 2025-12-09T00:00:00 <p>Information published.</p> 2.0 2025-12-17T00:00:00 <p>Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the <a href="https://go.microsoft.com/fwlink/p/?linkid=831049">Release Notes</a> for more information and download links.</p> Windows Hyper-V Denial of Service Vulnerability <p>Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> Windows Hyper-V Microsoft Yes CVE-2025-62567 Integer Underflow (Wrap or Wraparound) 11569 11571 11572 11923 11924 11931 12097 12437 20437 20438 12242 12243 12244 12389 12390 12436 10853 10816 10855 10483 10543 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11931 Denial of Service 12097 Denial of Service 12437 Denial of Service 20437 Denial of Service 20438 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 12436 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10483 Denial of Service 10543 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11931 Important 12097 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12437 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20437 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 20438 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12436 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.3 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11931 12097 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10853 10816 10855 5071503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071503 5068905 10483 10543 Yes Monthly Rollup 6.3.9600.22920 https://support.microsoft.com/help/5071503 10483 10543 5071503 5071503 https://support.microsoft.com/help/5071503 10483 10543 <a href="https://x.com/hackyboiiiii">Mitchell Turner</a> with <a href="https://www.preludesecurity.com/">Prelude Research</a> https://x.com/33y0re Connor McGarr with https://www.preludesecurity.com<https://www.preludesecurity.com/> Prelude Research 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Brokering File System Elevation of Privilege Vulnerability <p>Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.</p> Microsoft Brokering File System Microsoft Yes CVE-2025-62569 Use After Free 12437 20437 20438 12244 12389 12390 12436 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Important 12437 Important 20437 Important 20438 Important 12244 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 hazard 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Camera Frame Server Monitor Information Disclosure Vulnerability <p>Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p> Windows Camera Frame Server Monitor Microsoft Yes CVE-2025-62570 Improper Access Control 12437 20437 20438 12389 12390 12436 Information Disclosure 12437 Information Disclosure 20437 Information Disclosure 20438 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 12436 Important 12437 Important 20437 Important 20438 Important 12389 Important 12390 Important 12436 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12437 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20437 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 20438 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12389 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12390 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 <a href="https://www.linkedin.com/in/francisco-carot-ripoll&#233;s-67b63a260/">Francisco Jos&#233; Carot Ripoll&#233;s (RipFran)</a> with <a href="https://www.linkedin.com/company/kpmg-espana/">KPMG Spain</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows File Explorer Elevation of Privilege Vulnerability <p>Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability.</p> Windows Shell Microsoft Yes CVE-2025-62565 Use After Free 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 Anonymous 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Shell Elevation of Privilege Vulnerability <p>Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p> Windows Shell Microsoft Yes CVE-2025-64661 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11923 11924 5071413 5071413 https://support.microsoft.com/help/5071413 11923 11924 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 Anonymous 1.0 2025-12-09T00:00:00 <p>Information published.</p> GitHub Copilot for Jetbrains Remote Code Execution Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Via a malicious Cross Prompt Inject in untrusted files or MCP servers, an attacker could execute additional commands by appending them to commands allowed in the user's terminal auto-approve setting.</p> Copilot Microsoft Yes CVE-2025-64671 Improper Neutralization of Special Elements used in a Command ('Command Injection') 20677 Remote Code Execution 20677 Important 20677 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20677 Release Notes https://plugins.jetbrains.com/plugin/17718-github-copilot--your-ai-pair-programmer/versions/stable/892199 20677 Maybe Security Update 1.5.60-243 https://plugins.jetbrains.com/plugin/17718-github-copilot--your-ai-pair-programmer/versions/stable/892199 20677 Release Notes <a href="https://x.com/ari_maccarita">Ari Marzuk</a> with https://maccarita.com/ 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft SharePoint Server Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p> <p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p> Microsoft Office SharePoint Microsoft Yes CVE-2025-64672 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11961 Spoofing 11961 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002815 https://www.microsoft.com/en-us/download/details.aspx?id=108484 5002800 11961 Maybe Security Update 16.0.19127.20378 https://support.microsoft.com/help/5002815 11961 5002815 Jos&#233; Pedro Pereira Junior; https://www.linkedin.com/in/jose-pedro-pereira-jr/ 1.0 2025-12-09T00:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p>Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2025-64678 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5068791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068791 5066586 11568 11569 11571 11572 Yes Security Update 10.0.17763.8027 https://support.microsoft.com/help/5068791 11568 11569 11571 11572 5068791 5068787 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068787 5066782 11923 11924 Yes Security Update 10.0.20348.4405 https://support.microsoft.com/help/5068787 11923 11924 5068787 5068787 https://support.microsoft.com/help/5068787 11923 11924 5068840 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068840 11923 11924 Yes Security Hotpatch Update 10.0.20348.4346 https://support.microsoft.com/help/5068840 11923 11924 5068840 5068840 https://support.microsoft.com/help/5068840 11923 11924 5068781 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781 5066791 11929 11930 11931 Yes Security Update 10.0.19044.6575 https://support.microsoft.com/help/5068781 11929 11930 11931 5068781 5068781 https://support.microsoft.com/help/5068781 11929 11930 11931 12097 12098 12099 5068781 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068781 5066791 12097 12098 12099 Yes Security Update 10.0.19045.6575 https://support.microsoft.com/help/5068781 12097 12098 12099 5068781 5068861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861 5066835 12437 12389 12390 12436 Yes Security Update 10.0.26100.7171 https://support.microsoft.com/help/5068861 12437 12389 12390 12436 5068861 5068861 https://support.microsoft.com/help/5068861 12437 20437 20438 12389 12390 12436 5068966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7092 https://support.microsoft.com/help/5068966 12437 12389 12390 12436 5068966 5068966 https://support.microsoft.com/help/5068966 12437 20437 20438 12389 12390 12436 5068861 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068861 5066835 20437 20438 Yes Security Update 10.0.26200.7171 https://support.microsoft.com/help/5068861 20437 20438 5068861 5068966 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7092 https://support.microsoft.com/help/5068966 20437 20438 5068966 5068865 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068865 5066793 12242 12243 Yes Security Update 10.0.22631.6199 https://support.microsoft.com/help/5068865 12242 12243 5068865 5068779 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068779 5066780 12244 Yes Security Update 10.0.25398.1965 https://support.microsoft.com/help/5068779 12244 5068779 5068779 https://support.microsoft.com/help/5068779 12244 5068864 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068864 5066836 10852 10853 10816 10855 Yes Security Update 10.0.14393.8594 https://support.microsoft.com/help/5068864 10852 10853 10816 10855 5068864 5068906 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068906 5066874 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23624 https://support.microsoft.com/help/5068906 9312 10287 9318 9344 5068906 5068906 https://support.microsoft.com/help/5068906 9312 10287 9318 9344 5068909 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068909 9312 10287 9318 9344 Yes Security Only 6.0.6003.23624 https://support.microsoft.com/help/5068909 9312 10287 9318 9344 5068909 5068909 https://support.microsoft.com/help/5068909 9312 10287 9318 9344 5068904 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068904 5066872 10051 10049 Yes Monthly Rollup 6.1.7601.28021 https://support.microsoft.com/help/5068904 10051 10049 5068904 5068908 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068908 10051 10049 Yes Security Only 6.1.7601.28021 https://support.microsoft.com/help/5068908 10051 10049 5068908 5068907 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068907 5066875 10378 10379 Yes Monthly Rollup 6.2.9200.25768 https://support.microsoft.com/help/5068907 10378 10379 5068907 5068905 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5068905 5066873 10483 10543 Yes Monthly Rollup 6.3.9600.22869 https://support.microsoft.com/help/5068905 10483 10543 5068905 Anonymous 1.0 2025-12-09T00:00:00 <p>Information published. This CVE was addressed by updates that were released in November 2025, but the CVE was inadvertently omitted from the November 2025 Security Updates. This is an informational change only. Customers who have already installed the November 2025 update do not need to take any further action.</p> 1.1 2026-01-14T00:00:00 <p>Updated the build numbers. This is an informational update only.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2025-64679 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 namnp with <a href="https://x.com/vcslab">Viettel Cyber Security</a> 1.1 2026-01-14T00:00:00 <p>Updated the build numbers. This is an informational update only.</p> 1.0 2025-12-09T00:00:00 <p>Information published. This CVE was addressed by updates that were released in October 2025, but the CVE was inadvertently omitted from the October 2025 Security Updates. Microsoft strongly recommends that customers running affected versions of Windows install the October 2025 updates to be protected from this vulnerability.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p>Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows DWM Core Library Microsoft Yes CVE-2025-64680 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11929 11930 11931 12085 12086 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 20437 20438 12389 12390 12436 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 20437 20438 Yes Security Update 10.0.26200.6899 https://support.microsoft.com/help/5066835 20437 20438 5066835 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 namnp with <a href="https://x.com/vcslab">Viettel Cyber Security</a> 1.0 2025-12-09T00:00:00 <p>Information published.</p> 1.1 2025-12-23T00:00:00 <p>Updated the build numbers. This is an informational update only.</p> PowerShell Remote Code Execution Vulnerability <p>Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.</p> <p><strong>Is there more information I need to know after I install the Security Updates to address this vulnerability?</strong></p> <p>After you install the updates, when you use the Invoke-WebRequest command you will see the following confirmation prompt with security warning of script execution risk:</p> <pre><code>Security Warning: Script Execution Risk Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is parsed. RECOMMENDED ACTION: Use the -UseBasicParsing switch to avoid script code execution. Do you want to continue? </code></pre> <p>For additional details, see <a href="https://support.microsoft.com/help/5074596">KB5074596: PowerShell 5.1: Preventing script execution from web content</a>.</p> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>After I install security update 5074204 or 5074353 will a reboot be required?</strong></p> <p>Yes. After you install Security Update 5074204 or 5074353, you will be required to reboot your system.</p> <p>Note that your PowerShell session itself does not require a reboot unless a particular utility DLL is loaded in memory during the session. Consistent with previous updates, only the presence of certain DLLs in use might trigger a reboot prompt.</p> Windows PowerShell Microsoft Yes CVE-2025-54100 Improper Neutralization of Special Elements used in a Command ('Command Injection') 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 12437 20437 20438 12242 12243 12244 12389 12390 12436 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12437 Remote Code Execution 20437 Remote Code Execution 20438 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 12436 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 12437 Important 20437 Important 20438 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 12436 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11923 11924 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11923 11924 5071547 5071547 https://support.microsoft.com/help/5071547 11923 11924 5074353 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074353 11923 11924 Yes Security Only 10.0.20348.4467 https://support.microsoft.com/help/5074353 11923 11924 5074353 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12097 12098 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12097 12098 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12097 12098 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5074204 12437 12436 Yes Security Update 10.0.26100.7392 https://support.microsoft.com/en-us/topic/7a086c17-fe8e-4acf-9bcc-e8128bb069ef 12437 12436 5074204 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5074204 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074204 20437 Yes Security Update 10.0.26100.7392 https://support.microsoft.com/help/5074204 20437 5074204 5074204 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5074204 20438 12389 12390 Yes Security Only 10.0.26100.7392 https://support.microsoft.com/en-us/topic/05eec772-59fd-484d-a7e6-45e0a84580ab 20438 12389 12390 5074204 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12242 12243 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12242 12243 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 5071543 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071543 5068864 10852 10853 10816 10855 Yes Security Update 10.0.14393.8688 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071543 5071543 https://support.microsoft.com/help/5071543 10852 10853 10816 10855 5071504 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071504 5068906 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.23666 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071504 5071504 https://support.microsoft.com/help/5071504 9312 10287 9318 9344 5071507 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071507 9312 10287 9318 9344 Yes Security Only 6.0.6003.23666 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071507 5071507 https://support.microsoft.com/help/5071507 9312 10287 9318 9344 5071501 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071501 5068904 10051 10049 Yes Monthly Rollup 6.1.7601.28064 https://support.microsoft.com/help/5071501 10051 10049 5071501 5071501 https://support.microsoft.com/help/5071501 10051 10049 5071506 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071506 10051 10049 Yes Security Only 6.1.7601.28064 https://support.microsoft.com/help/5071506 10051 10049 5071506 5071505 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071505 5068907 10378 10379 Yes Monthly Rollup 6.2.9200.25815 https://support.microsoft.com/help/5071505 10378 10379 5071505 5071505 https://support.microsoft.com/help/5071505 10378 10379 5071503 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071503 5068905 10483 10543 Yes Monthly Rollup 6.3.9600.22920 https://support.microsoft.com/help/5071503 10483 10543 5071503 5071503 https://support.microsoft.com/help/5071503 10483 10543 <a href="http://x.com/osman1337_">Osman Eren G&#252;neş</a> <a href="https://x.com/melihkaanyldz">Melih Kaan Yıldız</a> Anonymous Pēteris Hermanis Osipovs DeadOverflow Justin Necke 1.1 2025-12-18T00:00:00 <p>Corrected Build Numbers in the Security Updates table. This is an informational change only.</p> 1.0 2025-12-09T00:00:00 <p>Information published.</p> Chromium: CVE-2025-14372 Use after free in Password Manager <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2021">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.80</td> <td>12/11/2025</td> <td>143.0.7499.109/.110</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-14372 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.80 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-11T14:29:30 <p>Information published.</p> Chromium: CVE-2025-14765 Out of bounds read and write in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.96</td> <td>12/18/2025</td> <td>143.0.7499.146/.147</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2025-14765 11655 11655 11655 Release Notes 11655 No Security Update 143.0.3650.96 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2025-12-18T12:43:20 <p>Information published.</p> Custom Question Answering Elevation of Privilege Vulnerability <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Cognitive Service for Language - Custom Question Answering Microsoft No CVE-2025-64663 Server-Side Request Forgery (SSRF) 20681 Elevation of Privilege 20681 Critical 20681 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 9.9 8.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20681 1.0 2025-12-18T00:00:00 <p>Information published.</p> Microsoft Partner Center Elevation of Privilege Vulnerability <p>Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Partner Center Microsoft No CVE-2025-65041 Improper Authorization 12429 Elevation of Privilege 12429 Critical 12429 Publicly Disclosed:No;Exploited:No 10.0 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:C 12429 Gautam Peri 1.0 2025-12-18T00:00:00 <p>Information published.</p> Azure Container Apps Remote Code Execution Vulnerability <p>Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Container Apps Microsoft No CVE-2025-65037 Improper Control of Generation of Code ('Code Injection') 20757 Remote Code Execution 20757 Critical 20757 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 10.0 8.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 20757 <a href="https://twitter.com/wtm_offensi">wtm</a> with <a href="https://offensi.com/">Offensi</a> 1.0 2025-12-18T00:00:00 <p>Information published.</p> Microsoft Purview eDiscovery Remote Code Execution Vulnerability <p>'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Purview Microsoft No CVE-2025-64676 Path Traversal: '.../...//' Improper Control of Generation of Code ('Code Injection') 12352 Remote Code Execution 12352 Critical 12352 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12352 Dan Reimer with Microsoft 1.0 2025-12-18T00:00:00 <p>Information published.</p> Azure Cosmos DB Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Cosmos DB Microsoft No CVE-2025-64675 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11932 Spoofing 11932 Critical 11932 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 8.3 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 11932 Jianyang Song 1.0 2025-12-18T00:00:00 <p>Information published.</p> Office Out-of-Box Experience Spoofing Vulnerability <p>Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Office Out-of-Box Experience Microsoft No CVE-2025-64677 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 20679 Spoofing 20679 Critical 20679 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 20679 jhilakshi 1.0 2025-12-18T00:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p>Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2025-62221 Use After Free 11568 11929 11930 11931 12098 12097 12099 12437 20437 20438 11924 12243 12244 12242 12389 12390 12436 11569 11571 11572 11923 Elevation of Privilege 11568 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12098 Elevation of Privilege 12097 Elevation of Privilege 12099 Elevation of Privilege 12437 Elevation of Privilege 20437 Elevation of Privilege 20438 Elevation of Privilege 11924 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12242 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12436 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Important 11568 Important 11929 Important 11930 Important 11931 Important 12098 Important 12097 Important 12099 Important 12437 Important 20437 Important 20438 Important 11924 Important 12243 Important 12244 Important 12242 Important 12389 Important 12390 Important 12436 Important 11569 Important 11571 Important 11572 Important 11923 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20437 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 20438 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 5071544 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071544 5068791 11568 11569 11571 11572 Yes Security Update 10.0.17763.8146 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071544 5071544 https://support.microsoft.com/help/5071544 11568 11569 11571 11572 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 11929 11930 11931 Yes Security Update 10.0.19044.6691 https://support.microsoft.com/help/5071546 11929 11930 11931 5071546 5071546 https://support.microsoft.com/help/5071546 11929 11930 11931 12098 12097 12099 5071546 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071546 5068781 12098 12097 12099 Yes Security Update 10.0.19045.6691 https://support.microsoft.com/help/5071546 12098 12097 12099 5071546 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 12437 12389 12390 12436 Yes Security Update 10.0.26100.7462 https://support.microsoft.com/help/5072033 12437 12389 12390 12436 5072033 5072033 https://support.microsoft.com/help/5072033 12437 20437 20438 12389 12390 12436 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 12437 12389 12390 12436 Yes Security Hotpatch Update 10.0.26100.7392 https://support.microsoft.com/help/5072014 12437 12389 12390 12436 5072014 5072014 https://support.microsoft.com/help/5072014 12437 20437 20438 12389 12390 12436 5072033 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033 5068861 20437 20438 Yes Security Update 10.0.26200.7462 https://support.microsoft.com/help/5072033 20437 20438 5072033 5072014 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072014 5068966 20437 20438 Yes Security Hotpatch Update 10.0.26200.7392 https://support.microsoft.com/help/5072014 20437 20438 5072014 5071547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071547 5068787 11924 11923 Yes Security Update 10.0.20348.4529 https://support.microsoft.com/help/5071547 11924 11923 5071547 5071547 https://support.microsoft.com/help/5071547 11924 11923 5071413 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071413 5068840 11924 11923 Yes Security Hotpatch Update 10.0.20348.4467 https://support.microsoft.com/help/5071413 11924 11923 5071413 5071413 https://support.microsoft.com/help/5071413 11924 11923 5071417 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071417 5068865 12243 12242 Yes Security Update 10.0.22631.6345 https://support.microsoft.com/help/5071417 12243 12242 5071417 5071542 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5071542 5068779 12244 Yes Security Update 10.0.25398.2025 https://support.microsoft.com/help/5071542 12244 5071542 5071542 https://support.microsoft.com/help/5071542 12244 Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC) 1.0 2025-12-09T00:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker using either a specially-crafted page or a content script injected into a target page can show an extension's popup over a permission prompt or screen share dialog allowing the extension to spoof parts of the prompt's UI that shows its origin.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Version</th> <th>Date Released</th> <th>Based on Chromium Version</th> </tr> </thead> <tbody> <tr> <td>143.0.3650.88</td> <td>12/18/2025</td> <td>143.0.7499.110</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>To successfully exploit this vulnerability, an attacker would need to gain elevated privileges enabling them to perform file operations in directories they would not normally be able to access or perform.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file. * In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. * In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2025-65046 User Interface (UI) Misrepresentation of Critical Information 11815 Spoofing 11815 Low 11815 Publicly Disclosed:No;Exploited:No 3.1 2.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C 11815 Release Notes 11815 No Security Update 143.0.3650.88 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11815 Release Notes <a href="https://x.com/zxyhellzing">xzyhellsing</a> <a href="https://twitter.com/renwax23">Renwa (@RenwaX23)</a> 1.0 2025-12-18T08:00:00 <p>Information published.</p> 1.1 2026-02-20T08:00:00 <p>Updated CWE value. This is an informational change only.</p> Windows Admin Center Elevation of Privilege Vulnerability <p>Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Admin Center Microsoft Yes CVE-2025-64669 Improper Access Control 11629 Elevation of Privilege 11629 Important 11629 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11629 Release Notes https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/overview 11629 Maybe Security Update 2.6.5.16 https://aka.ms/wac2511 11629 Release Notes <a href="https://twitter.com/decoder_it">Andrea Pierini</a> with <a href="https://www.semperis.com/">Semperis</a> <a href="https://www.linkedin.com/in/ilan-kalendarov-4826741a0/">Ilan Kalendarov</a> with <a href="https://cymulate.com/">Cymulate</a> <a href="https://www.linkedin.com/in/elad-beber-a17946184/">Elad Beber</a> with <a href="https://cymulate.com/">Cymulate</a> <a href="https://www.linkedin.com/in/ben-zamir-401003237/">Ben Zamir</a> with <a href="https://cymulate.com/">Cymulate</a> 1.1 2025-12-11T08:00:00 <p>Corrected Build Number in the Security Updates table. This is an informational change only.</p> 1.0 2025-12-09T08:00:00 <p>Information published.</p> 1.2 2026-04-16T07:00:00 <p>Acknowledgement added. This is an informational change only.</p>