February 2025 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2025-Feb
2025-Feb
Final
1.0
646
2026-05-22T01:42:46
February 2025 Security Updates
2025-02-11T08:00:00
2026-05-22T01:42:46
<h2 id="this-release-consists-of-the-following-63-microsoft-cves">This release consists of the following 63 Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>Tag</th>
<th>CVE</th>
<th>Base Score</th>
<th>CVSS Vector</th>
<th>Exploitability</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>Microsoft Dynamics 365 Sales</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21177">CVE-2025-21177</a></td>
<td>8.7</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>N/A</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DHCP Client</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21179">CVE-2025-21179</a></td>
<td>4.8</td>
<td>CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Message Queuing</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21181">CVE-2025-21181</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Resilient File System (ReFS) Deduplication Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21182">CVE-2025-21182</a></td>
<td>7.4</td>
<td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Resilient File System (ReFS) Deduplication Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21183">CVE-2025-21183</a></td>
<td>7.4</td>
<td>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows CoreMessaging</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21184">CVE-2025-21184</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Azure Network Watcher</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21188">CVE-2025-21188</a></td>
<td>6.0</td>
<td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Telephony Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21190">CVE-2025-21190</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Surface</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21194">CVE-2025-21194</a></td>
<td>7.1</td>
<td>CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft High Performance Compute Pack (HPC) Linux Node Agent</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21198">CVE-2025-21198</a></td>
<td>9.0</td>
<td>CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Telephony Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21200">CVE-2025-21200</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Telephony Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21201">CVE-2025-21201</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21206">CVE-2025-21206</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21208">CVE-2025-21208</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Internet Connection Sharing (ICS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21212">CVE-2025-21212</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Internet Connection Sharing (ICS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21216">CVE-2025-21216</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge for iOS and Android</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21253">CVE-2025-21253</a></td>
<td>5.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Internet Connection Sharing (ICS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21254">CVE-2025-21254</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Outlook for Android</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21259">CVE-2025-21259</a></td>
<td>5.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21267">CVE-2025-21267</a></td>
<td>4.4</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21279">CVE-2025-21279</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21283">CVE-2025-21283</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft PC Manager</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21322">CVE-2025-21322</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Windows</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21337">CVE-2025-21337</a></td>
<td>3.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21342">CVE-2025-21342</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Update Stack</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21347">CVE-2025-21347</a></td>
<td>6.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Remote Desktop Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21349">CVE-2025-21349</a></td>
<td>6.8</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kerberos</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21350">CVE-2025-21350</a></td>
<td>5.9</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Active Directory Domain Services</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21351">CVE-2025-21351</a></td>
<td>7.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td>No</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Internet Connection Sharing (ICS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21352">CVE-2025-21352</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows CoreMessaging</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21358">CVE-2025-21358</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Kernel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21359">CVE-2025-21359</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Win32 Kernel Subsystem</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21367">CVE-2025-21367</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Digest Authentication</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21368">CVE-2025-21368</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Digest Authentication</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21369">CVE-2025-21369</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Telephony Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21371">CVE-2025-21371</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Installer</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21373">CVE-2025-21373</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Streaming Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21375">CVE-2025-21375</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows LDAP - Lightweight Directory Access Protocol</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21376">CVE-2025-21376</a></td>
<td>8.1</td>
<td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows NTLM</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21377">CVE-2025-21377</a></td>
<td>6.5</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DHCP Server</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21379">CVE-2025-21379</a></td>
<td>7.1</td>
<td>CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21381">CVE-2025-21381</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21383">CVE-2025-21383</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21386">CVE-2025-21386</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21387">CVE-2025-21387</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21390">CVE-2025-21390</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Storage</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21391">CVE-2025-21391</a></td>
<td>7.1</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21392">CVE-2025-21392</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office Excel</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21394">CVE-2025-21394</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21397">CVE-2025-21397</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Office SharePoint</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21400">CVE-2025-21400</a></td>
<td>8.0</td>
<td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21404">CVE-2025-21404</a></td>
<td>4.3</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Telephony Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21406">CVE-2025-21406</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Telephony Service</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21407">CVE-2025-21407</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21408">CVE-2025-21408</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Unlikely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Routing and Remote Access Service (RRAS)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21410">CVE-2025-21410</a></td>
<td>8.8</td>
<td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows DWM Core Library</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21414">CVE-2025-21414</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Ancillary Function Driver for WinSock</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21418">CVE-2025-21418</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation Detected</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Setup Files Cleanup</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21419">CVE-2025-21419</a></td>
<td>7.1</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Windows Disk Cleanup Tool</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21420">CVE-2025-21420</a></td>
<td>7.8</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation More Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Microsoft AutoUpdate (MAU)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24036">CVE-2025-24036</a></td>
<td>7.0</td>
<td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio Code</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24039">CVE-2025-24039</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Visual Studio Code</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24042">CVE-2025-24042</a></td>
<td>7.3</td>
<td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td>
<td>Exploitation Less Likely</td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="we-are-republishing-4-non-microsoft-cves">We are republishing 4 non-Microsoft CVEs:</h2>
<table>
<thead>
<tr>
<th>CNA</th>
<th>Tag</th>
<th>CVE</th>
<th>FAQs?</th>
<th>Workarounds?</th>
<th>Mitigations?</th>
</tr>
</thead>
<tbody>
<tr>
<td>HackerOne</td>
<td>Open Source Software</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32002">CVE-2023-32002</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0444">CVE-2025-0444</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0445">CVE-2025-0445</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Chrome</td>
<td>Microsoft Edge (Chromium-based)</td>
<td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-0451">CVE-2025-0451</a></td>
<td><strong>Yes</strong></td>
<td>No</td>
<td>No</td>
</tr>
</tbody>
</table>
<h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2>
<table>
<thead>
<tr>
<th>Date</th>
<th>Blog Post</th>
</tr>
</thead>
<tbody>
<tr>
<td>November 12, 2024</td>
<td><a href="https://aka.ms/MSRC-CSAF-Blog">Toward greater transparency: Publishing machine-readable CSAF files</a></td>
</tr>
<tr>
<td>June 27, 2024</td>
<td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td>
</tr>
<tr>
<td>April 9, 2024</td>
<td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td>
</tr>
<tr>
<td>January 6, 2023</td>
<td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td>
</tr>
<tr>
<td>January 11, 2022</td>
<td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td>
</tr>
<tr>
<td>February 9, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td>
</tr>
<tr>
<td>January 13, 2021</td>
<td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td>
</tr>
<tr>
<td>December 8, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td>
</tr>
<tr>
<td>November 9, 2020</td>
<td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td>
</tr>
</tbody>
</table>
<h2 id="relevant-resources">Relevant Resources</h2>
<ul>
<li>The Hotpatching feature now supports Windows 11 version 24H2 client in addition to Windows Server 2022 and 2025. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li>
<li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li>
<li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li>
<li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
<li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li>
</ul>
<h2 id="known-issues">Known Issues</h2>
<p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p>
<p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p>
<table>
<thead>
<tr>
<th>KB Article</th>
<th>Applies To</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://support.microsoft.com/help/5051974">5051974</a></td>
<td>Windows 10, version 21H2, Windows 10, version 22H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5051979">5051979</a></td>
<td>Windows Server 2022</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5051980">5051980</a></td>
<td>Windows Server 2022, 23H2 Edition (Server Core installation)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5051987">5051987</a></td>
<td>Windows 11, version 24H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5051989">5051989</a></td>
<td>Windows 11, version 22H2, Windows 11, version 23H2</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5052000">5052000</a></td>
<td>Windows 10, version 1809, Windows Server 2019</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5052038">5052038</a></td>
<td>Windows Server 2008 (Monthly Rollup)</td>
</tr>
<tr>
<td><a href="https://support.microsoft.com/help/5052072">5052072</a></td>
<td>Windows Server 2008 (Security-only update)</td>
</tr>
</tbody>
</table>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Microsoft Edge (Chromium-based)
Microsoft Edge for Android
Microsoft Edge for iOS
Azure Network Watcher VM Extension
Microsoft HPC Pack 2019
Microsoft HPC Pack 2016
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.10
Microsoft Visual Studio 2022 version 17.12
Visual Studio Code
Visual Studio Code - JS Debug Extension
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows Server 2025 (Server Core installation)
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows Server 2025
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Office LTSC for Mac 2024
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft AutoUpdate for Mac
Office Online Server
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
CBL Mariner 2.0 x64
CBL Mariner 2.0 ARM
cbl2 emacs 29.4-2 on CBL Mariner 2.0
azl3 emacs 29.4-2 on Azure Linux 3.0
azl3 emacs 29.4-3 on Azure Linux 3.0
azl3 nginx 1.25.4-3 on Azure Linux 3.0
cbl2 postgresql 14.16-1 on CBL Mariner 2.0
azl3 postgresql 16.7-1 on Azure Linux 3.0
azl3 openssh 9.8p1-4 on Azure Linux 3.0
cbl2 openssh 8.9p1-7 on CBL Mariner 2.0
azl3 openssh 9.8p1-3 on Azure Linux 3.0
Microsoft Outlook for Android
Microsoft PC Manager
Microsoft Bing
Dynamics 365 Sales
Microsoft Power Pages
Surface Laptop 4 with Intel Processor
Microsoft Surface Laptop Go 2
Microsoft Surface Go 3
Microsoft Surface Laptop Go 3
Surface Laptop 4 with AMD Processor
Microsoft Surface Pro 7+
Microsoft Surface Hub 2S
Surface Laptop 3 with Intel Processor
Microsoft Surface Hub 3
Microsoft Surface Go 2
Microsoft Surface Laptop Go
Microsoft Surface Pro 8
Surface Windows Dev Kit
Microsoft Surface Pro 9 ARM
Microsoft Surface Hub
cbl2 emacs 29.4-3 on CBL Mariner 2.0
azl3 nginx 1.25.4-4 on Azure Linux 3.0
cbl2 nginx 1.22.1-13 on CBL Mariner 2.0
azl3 postgresql 16.5-2 on Azure Linux 3.0
cbl2 postgresql 14.14-1 on CBL Mariner 2.0
cbl2 openssh 8.9p1-8 on CBL Mariner 2.0
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Microsoft Outlook for Android
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Windows Server 2016
Office Online Server
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Microsoft AutoUpdate for Mac
Microsoft SharePoint Enterprise Server 2016
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft SharePoint Server 2019
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Visual Studio Code
Microsoft Edge (Chromium-based)
Microsoft Surface Hub
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Edge for Android
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Dynamics 365 Sales
Microsoft SharePoint Server Subscription Edition
Microsoft Edge for iOS
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Azure Network Watcher VM Extension
CBL Mariner 2.0 x64
CBL Mariner 2.0 ARM
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.10
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Windows Server 2025
Windows Server 2025 (Server Core installation)
Microsoft Office LTSC for Mac 2024
Microsoft PC Manager
Microsoft HPC Pack 2016
Microsoft HPC Pack 2019
Microsoft Visual Studio 2022 version 17.12
Visual Studio Code - JS Debug Extension
Microsoft Surface Go 2
Microsoft Surface Pro 7+
Microsoft Surface Pro 8
Surface Windows Dev Kit
Surface Laptop 3 with Intel Processor
Surface Laptop 4 with Intel Processor
Microsoft Surface Laptop Go
Microsoft Surface Laptop Go 3
Microsoft Surface Hub 2S
Microsoft Surface Hub 3
Microsoft Surface Laptop Go 2
Microsoft Surface Go 3
Surface Laptop 4 with AMD Processor
Microsoft Surface Pro 9 ARM
Microsoft Power Pages
Microsoft Bing
cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0
cbl2 python3 3.9.19-12 on CBL Mariner 2.0
cbl2 qemu 6.2.0-24 on CBL Mariner 2.0
cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0
cbl2 kernel 5.15.176.3-3 on CBL Mariner 2.0
cbl2 kernel 5.15.179.1-1 on CBL Mariner 2.0
cbl2 gnutls 3.7.11-2 on CBL Mariner 2.0
cbl2 mysql 8.0.41-1 on CBL Mariner 2.0
cbl2 emacs 29.4-3 on CBL Mariner 2.0
cbl2 postgresql 14.14-1 on CBL Mariner 2.0
cbl2 rust 1.72.0-10 on CBL Mariner 2.0
cbl2 nodejs18 18.20.3-3 on CBL Mariner 2.0
cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0
cbl2 libgit2 1.6.5-1 on CBL Mariner 2.0
azl3 qemu 8.2.0-16 on Azure Linux 3.0
azl3 moby-containerd-cc 1.7.7-9 on Azure Linux 3.0
azl3 cmake 3.30.3-6 on Azure Linux 3.0
azl3 kernel 6.6.82.1-1 on Azure Linux 3.0
azl3 containerd 1.7.13-8 on Azure Linux 3.0
azl3 kernel 6.6.78.1-3 on Azure Linux 3.0
azl3 kernel 6.6.79.1-1 on Azure Linux 3.0
azl3 jq 1.7.1-2 on Azure Linux 3.0
azl3 fluent-bit 3.1.9-3 on Azure Linux 3.0
azl3 libxml2 2.11.5-4 on Azure Linux 3.0
azl3 kernel 6.6.76.1-1 on Azure Linux 3.0
azl3 openssl 3.3.3-1 on Azure Linux 3.0
azl3 cloud-hypervisor-cvm 38.0.72.2-3 on Azure Linux 3.0
azl3 gnutls 3.8.3-4 on Azure Linux 3.0
azl3 gnutls 3.8.3-3 on Azure Linux 3.0
azl3 libtasn1 4.19.0-2 on Azure Linux 3.0
azl3 docker-compose 2.27.0-4 on Azure Linux 3.0
azl3 kernel 6.6.78.1-1 on Azure Linux 3.0
azl3 kernel 6.6.64.2-9 on Azure Linux 3.0
azl3 kubernetes 1.30.3-2 on Azure Linux 3.0
azl3 mysql 8.0.41-1 on Azure Linux 3.0
azl3 erlang 26.2.5.6-1 on Azure Linux 3.0
azl3 vitess 19.0.4-7 on Azure Linux 3.0
azl3 emacs 29.4-3 on Azure Linux 3.0
azl3 prometheus 2.45.4-12 on Azure Linux 3.0
azl3 dcos-cli 1.2.0-18 on Azure Linux 3.0
azl3 azcopy 10.25.1-4 on Azure Linux 3.0
azl3 xorg-x11-server-Xwayland 24.1.1-3 on Azure Linux 3.0
azl3 python3 3.12.9-1 on Azure Linux 3.0
azl3 edk2 20240524git3e722403cd16-8 on Azure Linux 3.0
azl3 tensorflow 2.16.1-9 on Azure Linux 3.0
azl3 nodejs 20.14.0-5 on Azure Linux 3.0
azl3 rpm-ostree 2024.4-3 on Azure Linux 3.0
azl3 packer 1.9.5-6 on Azure Linux 3.0
azl3 libcontainers-common 20240213-3 on Azure Linux 3.0
cbl2 grpc 1.42.0-11 on CBL Mariner 2.0
cbl2 rpm-ostree 2022.1-7 on CBL Mariner 2.0
cbl2 cri-o 1.22.3-12 on CBL Mariner 2.0
cbl2 terraform 1.3.2-25 on CBL Mariner 2.0
azl3 node-problem-detector 0.8.20-2 on Azure Linux 3.0
azl3 gcc 13.2.0-7 on Azure Linux 3.0
azl3 iniparser 4.1-9 on Azure Linux 3.0
cbl2 golang 1.22.7-3 on CBL Mariner 2.0
cbl2 gcc 11.2.0-8 on CBL Mariner 2.0
cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0
azl3 crash 8.0.4-4 on Azure Linux 3.0
azl3 curl 8.11.1-3 on Azure Linux 3.0
azl3 kubernetes 1.30.10-1 on Azure Linux 3.0
azl3 docker-buildx 0.14.0-5 on Azure Linux 3.0
azl3 iniparser 4.1-8 on Azure Linux 3.0
cbl2 mysql 8.0.40-4 on CBL Mariner 2.0
azl3 mysql 8.0.40-6 on Azure Linux 3.0
cbl2 postgresql 14.16-1 on CBL Mariner 2.0
azl3 postgresql 16.7-1 on Azure Linux 3.0
cbl2 binutils 2.37-12 on CBL Mariner 2.0
cbl2 gdb 11.2-4 on CBL Mariner 2.0
azl3 binutils 2.41-3 on Azure Linux 3.0
cbl2 binutils 2.37-13 on CBL Mariner 2.0
azl3 vim 9.1.0791-4 on Azure Linux 3.0
cbl2 emacs 29.4-2 on CBL Mariner 2.0
azl3 emacs 29.4-2 on Azure Linux 3.0
azl3 elfutils 0.189-3 on Azure Linux 3.0
azl3 elfutils 0.189-4 on Azure Linux 3.0
cbl2 libcap 2.60-3 on CBL Mariner 2.0
azl3 libcap 2.69-2 on Azure Linux 3.0
azl3 libarchive 3.7.7-2 on Azure Linux 3.0
cbl2 cloud-hypervisor 32.0-5 on CBL Mariner 2.0
azl3 binutils 2.41-5 on Azure Linux 3.0
azl3 ceph 18.2.2-6 on Azure Linux 3.0
cbl2 telegraf 1.29.4-11 on CBL Mariner 2.0
cbl2 kubernetes 1.28.4-15 on CBL Mariner 2.0
cbl2 coredns 1.11.1-14 on CBL Mariner 2.0
cbl2 moby-engine 24.0.9-15 on CBL Mariner 2.0
cbl2 azcopy 10.25.1-3 on CBL Mariner 2.0
cbl2 vitess 17.0.7-5 on CBL Mariner 2.0
cbl2 packer 1.9.5-10 on CBL Mariner 2.0
cbl2 cert-manager 1.11.2-20 on CBL Mariner 2.0
azl3 telegraf 1.31.0-5 on Azure Linux 3.0
azl3 coredns 1.11.4-3 on Azure Linux 3.0
azl3 moby-engine 25.0.3-11 on Azure Linux 3.0
azl3 containerized-data-importer 1.57.0-13 on Azure Linux 3.0
azl3 keda 2.14.1-3 on Azure Linux 3.0
azl3 influxdb 2.7.5-2 on Azure Linux 3.0
azl3 prometheus 2.45.4-8 on Azure Linux 3.0
azl3 vitess 19.0.4-5 on Azure Linux 3.0
azl3 cert-manager 1.12.15-2 on Azure Linux 3.0
azl3 azcopy 10.25.1-2 on Azure Linux 3.0
azl3 kubernetes 1.30.10-2 on Azure Linux 3.0
cbl2 kubevirt 0.59.0-25 on CBL Mariner 2.0
cbl2 terraform 1.3.2-23 on CBL Mariner 2.0
azl3 kubevirt 1.2.0-14 on Azure Linux 3.0
azl3 docker-buildx 0.14.0-4 on Azure Linux 3.0
azl3 gh 2.62.0-7 on Azure Linux 3.0
azl3 cf-cli 8.7.11-2 on Azure Linux 3.0
azl3 kubernetes 1.30.10-3 on Azure Linux 3.0
azl3 docker-compose 2.27.0-5 on Azure Linux 3.0
azl3 packer 1.9.5-9 on Azure Linux 3.0
azl3 cf-cli 8.7.11-3 on Azure Linux 3.0
azl3 gh 2.62.0-8 on Azure Linux 3.0
azl3 kubevirt 1.2.0-17 on Azure Linux 3.0
azl3 kubernetes 1.30.10-7 on Azure Linux 3.0
azl3 ig 0.37.0-4 on Azure Linux 3.0
azl3 telegraf 1.31.0-10 on Azure Linux 3.0
azl3 influxdb 2.7.5-5 on Azure Linux 3.0
azl3 containerized-data-importer 1.57.0-14 on Azure Linux 3.0
azl3 keda 2.14.1-7 on Azure Linux 3.0
cbl2 nvidia-container-toolkit 1.17.4-1 on CBL Mariner 2.0
azl3 nvidia-container-toolkit 1.17.4-1 on Azure Linux 3.0
azl3 nginx 1.25.4-3 on Azure Linux 3.0
azl3 ruby 3.3.5-2 on Azure Linux 3.0
azl3 gh 2.62.0-6 on Azure Linux 3.0
cbl2 openssh 8.9p1-7 on CBL Mariner 2.0
azl3 openssh 9.8p1-3 on Azure Linux 3.0
azl3 xorg-x11-server-Xwayland 24.1.6-1 on Azure Linux 3.0
azl3 erlang 26.2.5.9-1 on Azure Linux 3.0
cbl2 dcos-cli 1.2.0-20 on CBL Mariner 2.0
cbl2 rook 1.6.2-25 on CBL Mariner 2.0
cbl2 telegraf 1.29.4-12 on CBL Mariner 2.0
cbl2 moby-containerd 1.6.26-10 on CBL Mariner 2.0
cbl2 packer 1.9.5-9 on CBL Mariner 2.0
cbl2 cert-manager 1.11.2-19 on CBL Mariner 2.0
cbl2 keda 2.4.0-27 on CBL Mariner 2.0
cbl2 kube-vip-cloud-provider 0.0.2-20 on CBL Mariner 2.0
cbl2 influxdb 2.6.1-21 on CBL Mariner 2.0
azl3 telegraf 1.31.0-8 on Azure Linux 3.0
azl3 containerd 1.7.13-7 on Azure Linux 3.0
azl3 containerd2 2.0.0-6 on Azure Linux 3.0
azl3 ig 0.37.0-2 on Azure Linux 3.0
azl3 dcos-cli 1.2.0-17 on Azure Linux 3.0
azl3 skopeo 1.14.4-4 on Azure Linux 3.0
azl3 ruby 3.3.5-3 on Azure Linux 3.0
azl3 cert-manager 1.12.15-3 on Azure Linux 3.0
azl3 fluent-bit 3.1.9-4 on Azure Linux 3.0
azl3 libxml2 2.11.5-5 on Azure Linux 3.0
azl3 openssh 9.8p1-4 on Azure Linux 3.0
azl3 kernel 6.6.92.2-1 on Azure Linux 3.0
cm2 grub2 2.06-14 on CBL Mariner 2.0
azl3 grub2 2.06-24 on Azure Linux 3.0
azl3 elfutils 0.189-5 on Azure Linux 3.0
azl3 rust 1.75.0-16 on Azure Linux 3.0
azl3 nodejs 20.14.0-8 on Azure Linux 3.0
azl3 binutils 2.41-7 on Azure Linux 3.0
cbl2 qemu 6.2.0-24 on CBL Mariner 2.0
azl3 ceph 18.2.2-8 on Azure Linux 3.0
cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0
azl3 rust 1.75.0-14 on Azure Linux 3.0
cbl2 edk2 20230301gitf80f052277c8-41 on CBL Mariner 2.0
azl3 golang 1.23.9-1 on Azure Linux 3.0
cbl2 python3 3.9.19-13 on CBL Mariner 2.0
cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0
azl3 kernel 6.6.96.2-1 on Azure Linux 3.0
azl3 rust 1.86.0-1 on Azure Linux 3.0
azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
azl3 golang 1.24.3-1 on Azure Linux 3.0
cbl2 vitess 17.0.7-8 on CBL Mariner 2.0
cbl2 libarchive 3.6.1-6 on CBL Mariner 2.0
cbl2 kernel 5.15.176.3-3 on CBL Mariner 2.0
cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0
cbl2 rpm-ostree 2022.1-7 on CBL Mariner 2.0
cbl2 gcc 11.2.0-8 on CBL Mariner 2.0
cbl2 rust 1.72.0-10 on CBL Mariner 2.0
azl3 moby-engine 25.0.3-13 on Azure Linux 3.0
cbl2 msft-golang 1.24.1-2 on CBL Mariner 2.0
cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0
cbl2 vim 9.1.0791-4 on CBL Mariner 2.0
cbl2 emacs 29.4-3 on CBL Mariner 2.0
azl3 rubygem-mini_portile2 2.8.4-1 on Azure Linux 3.0
cbl2 golang 1.22.7-3 on CBL Mariner 2.0
cbl2 rubygem-mini_portile2 2.8.0-1 on CBL Mariner 2.0
cbl2 binutils 2.37-14 on CBL Mariner 2.0
cbl2 kubernetes 1.28.4-18 on CBL Mariner 2.0
cbl2 cloud-hypervisor 32.0-6 on CBL Mariner 2.0
cbl2 cri-o 1.22.3-14 on CBL Mariner 2.0
cbl2 kubevirt 0.59.0-28 on CBL Mariner 2.0
cbl2 golang 1.18.8-7 on CBL Mariner 2.0
cbl2 fluent-bit 3.0.6-2 on CBL Mariner 2.0
cbl2 moby-engine 24.0.9-17 on CBL Mariner 2.0
cbl2 libcontainers-common 20210626-7 on CBL Mariner 2.0
cbl2 moby-compose 2.17.3-10 on CBL Mariner 2.0
cbl2 curl 8.8.0-6 on CBL Mariner 2.0
cbl2 boost 1.76.0-4 on CBL Mariner 2.0
cbl2 cloud-hypervisor-cvm 38.0.72.2-5 on CBL Mariner 2.0
cbl2 openssl 1.1.1k-36 on CBL Mariner 2.0
cbl2 ceph 16.2.10-7 on CBL Mariner 2.0
cbl2 cert-manager 1.11.2-22 on CBL Mariner 2.0
azl3 gdb 13.2-4 on Azure Linux 3.0
cbl2 reaper 3.1.1-18 on CBL Mariner 2.0
cbl2 containerized-data-importer 1.55.0-23 on CBL Mariner 2.0
azl3 openssl 3.3.2-2 on Azure Linux 3.0
cbl2 dcos-cli 1.2.0-21 on CBL Mariner 2.0
cbl2 influxdb 2.6.1-22 on CBL Mariner 2.0
cbl2 keda 2.4.0-29 on CBL Mariner 2.0
cbl2 kube-vip-cloud-provider 0.0.2-22 on CBL Mariner 2.0
azl3 boost 1.83.0-2 on Azure Linux 3.0
cbl2 moby-containerd 1.6.26-11 on CBL Mariner 2.0
azl3 libgit2 1.7.2-1 on Azure Linux 3.0
cbl2 moby-containerd-cc 1.7.7-11 on CBL Mariner 2.0
cbl2 mysql 8.0.41-1 on CBL Mariner 2.0
cbl2 rook 1.6.2-26 on CBL Mariner 2.0
cbl2 skopeo 1.14.2-10 on CBL Mariner 2.0
azl3 nginx 1.25.4-4 on Azure Linux 3.0
cbl2 coredns 1.11.1-18 on CBL Mariner 2.0
cbl2 nodejs18 18.20.3-6 on CBL Mariner 2.0
cbl2 grpc 1.42.0-11 on CBL Mariner 2.0
azl3 coredns 1.11.4-6 on Azure Linux 3.0
cbl2 terraform 1.3.2-25 on CBL Mariner 2.0
cbl2 azcopy 10.25.1-5 on CBL Mariner 2.0
cbl2 blobfuse2 2.1.2-8 on CBL Mariner 2.0
azl3 skopeo 1.14.4-5 on Azure Linux 3.0
cbl2 telegraf 1.29.4-16 on CBL Mariner 2.0
cbl2 packer 1.9.5-13 on CBL Mariner 2.0
azl3 containerd2 2.0.0-9 on Azure Linux 3.0
cbl2 xorg-x11-server 1.20.10-15 on CBL Mariner 2.0
cbl2 rabbitmq-server 3.11.24-3 on CBL Mariner 2.0
azl3 golang 1.22.10-2 on Azure Linux 3.0
cbl2 keras 2.11.0-3 on CBL Mariner 2.0
azl3 qemu 8.2.0-17 on Azure Linux 3.0
cbl2 kernel 5.15.184.1-1 on CBL Mariner 2.0
cbl2 cmake 3.21.4-18 on CBL Mariner 2.0
cbl2 libxml2 2.10.4-6 on CBL Mariner 2.0
cbl2 erlang 25.2-3 on CBL Mariner 2.0
azl3 python-cryptography 42.0.5-3 on Azure Linux 3.0
cbl2 crash 8.0.1-4 on CBL Mariner 2.0
cbl2 grub2 2.06-14 on CBL Mariner 2.0
cbl2 cloud-hypervisor 32.0-7 on CBL Mariner 2.0
cbl2 gnutls 3.7.11-3 on CBL Mariner 2.0
cbl2 nginx 1.22.1-13 on CBL Mariner 2.0
azl3 nvidia-container-toolkit 1.17.3-1 on Azure Linux 3.0
cbl2 nvidia-container-toolkit 1.17.3-1 on CBL Mariner 2.0
azl3 golang 1.23.3-3 on Azure Linux 3.0
cbl2 openssh 8.9p1-8 on CBL Mariner 2.0
cbl2 gdb 11.2-6 on CBL Mariner 2.0
cbl2 nmap 7.93-3 on CBL Mariner 2.0
cbl2 binutils 2.37-15 on CBL Mariner 2.0
cbl2 libcap 2.60-4 on CBL Mariner 2.0
azl3 libcap 2.69-4 on Azure Linux 3.0
azl3 annobin 12.49-2 on Azure Linux 3.0
cbl2 node-problem-detector 0.8.17-6 on CBL Mariner 2.0
azl3 rust 1.86.0-3 on Azure Linux 3.0
azl3 netavark 1.10.3-2 on Azure Linux 3.0
cbl2 libtasn1 4.19.0-2 on CBL Mariner 2.0
azl3 cloud-hypervisor-cvm 41.0.79-3 on Azure Linux 3.0
cbl2 hvloader 1.0.1-12 on CBL Mariner 2.0
azl3 postgresql 16.5-2 on Azure Linux 3.0
cbl2 postgresql 14.14-1 on CBL Mariner 2.0
cbl2 crash 8.0.1-3 on CBL Mariner 2.0
cbl2 libgit2 1.6.5-1 on CBL Mariner 2.0
cbl2 erlang 25.3.2.21-1 on CBL Mariner 2.0
cbl2 python-tensorflow-estimator 2.11.0-2 on CBL Mariner 2.0
cbl2 nss 3.75-2 on CBL Mariner 2.0
cbl2 binutils 2.37-16 on CBL Mariner 2.0
azl3 kernel 6.6.96.2-2 on Azure Linux 3.0
azl3 gdb 13.2-5 on Azure Linux 3.0
azl3 cloud-hypervisor 41.0.139-1 on Azure Linux 3.0
cbl2 grub2 2.06-15 on CBL Mariner 2.0
cbl2 gdb 11.2-7 on CBL Mariner 2.0
cbl2 binutils 2.37-17 on CBL Mariner 2.0
azl3 kernel 6.6.104.2-4 on Azure Linux 3.0
azl3 grub2 2.06-25 on Azure Linux 3.0
azl3 crash 8.0.4-5 on Azure Linux 3.0
azl3 binutils 2.41-9 on Azure Linux 3.0
azl3 gdb 13.2-6 on Azure Linux 3.0
cbl2 gdb 11.2-10 on CBL Mariner 2.0
cbl2 binutils 2.37-19 on CBL Mariner 2.0
cbl2 crash 8.0.1-5 on CBL Mariner 2.0
cbl2 openssh 8.9p1-9 on CBL Mariner 2.0
azl3 kernel 6.6.112.1-2 on Azure Linux 3.0
azl3 binutils 2.41-10 on Azure Linux 3.0
cbl2 gcc 11.2.0-9 on CBL Mariner 2.0
azl3 kernel 6.6.117.1-1 on Azure Linux 3.0
azl3 crash 9.0.0-1 on Azure Linux 3.0
azl3 kernel 6.6.119.3-1 on Azure Linux 3.0
azl3 kernel 6.6.119.3-3 on Azure Linux 3.0
azl3 kernel 6.6.121.1-1 on Azure Linux 3.0
cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0
cbl2 binutils 2.37-20 on CBL Mariner 2.0
azl3 kernel 6.6.126.1-1 on Azure Linux 3.0
azl3 tensorflow 2.16.1-11 on Azure Linux 3.0
cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0
azl3 kernel 6.6.130.1-3 on Azure Linux 3.0
azl3 cmake 3.30.3-13 on Azure Linux 3.0
azl3 binutils 2.41-11 on Azure Linux 3.0
azl3 gdb 13.2-7 on Azure Linux 3.0
azl3 kernel 6.6.134.1-2 on Azure Linux 3.0
azl3 crash 9.0.0-2 on Azure Linux 3.0
azl3 kernel 6.6.137.1-2 on Azure Linux 3.0
azl3 kernel 6.6.138.1-1 on Azure Linux 3.0
azl3 kernel 6.6.139.1-1 on Azure Linux 3.0
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
netrc and default credential leak
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
curl
Yes
CVE-2025-0167
20047-17086
19852-17086
17667-17084
17464-17084
19671-17084
19686-17084
17153-17086
17183-17086
19252-17084
19668-17086
19799-17086
19721-17086
17539-17084
20047-17086
19852-17086
17667-17084
17464-17084
19671-17084
19686-17084
17153-17086
17183-17086
19252-17084
19668-17086
19799-17086
19721-17086
17539-17084
Low
20047-17086
19852-17086
Low
17667-17084
Low
17464-17084
Low
19671-17084
Low
19686-17084
Low
17153-17086
Low
17183-17086
Low
19252-17084
Low
19668-17086
Low
19799-17086
19721-17086
Low
17539-17084
3.4
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
20047-17086
3.4
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
19852-17086
3.4
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
17667-17084
3.4
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
17464-17084
3.4
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
19671-17084
3.4
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
19686-17084
3.4
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
17153-17086
3.4
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
17183-17086
3.4
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
19252-17084
3.4
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
19668-17086
3.4
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
19799-17086
3.4
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
19721-17086
3.4
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
17539-17084
CBL-Mariner Releases
20047-17086
17464-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20047-17086
17464-17084
CBL-Mariner Releases
CBL-Mariner Releases
19252-17084
No
Security Update
8.11.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19252-17084
CBL-Mariner Releases
CBL-Mariner Releases
19799-17086
No
Security Update
8.8.0-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19799-17086
CBL-Mariner Releases
1.0
2025-03-13T00:00:00
<p>Information published.</p>
2.0
2025-04-11T00:00:00
<p>Information published.</p>
3.0
2025-07-11T00:00:00
<p>Added mysql to CBL-Mariner 2.0
Added curl to CBL-Mariner 2.0
Added mysql to Azure Linux 3.0
Added curl to Azure Linux 3.0</p>
4.0
2026-02-19T01:08:19
<p>Information published.</p>
Heap Overflow in iniparser.c
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
samsung.tv_appliance
Yes
CVE-2025-0633
Heap-based Buffer Overflow
19255-17084
18419-17084
19255-17084
18419-17084
Moderate
19255-17084
Moderate
18419-17084
CBL-Mariner Releases
19255-17084
18419-17084
No
Security Update
4.1-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19255-17084
18419-17084
CBL-Mariner Releases
1.0
2025-03-13T00:00:00
<p>Information published.</p>
1.1
2026-02-21T02:52:47
<p>Information published.</p>
gzip integer overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
curl
Yes
CVE-2025-0725
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
19799-17086
19668-17086
19852-17086
17667-17084
19686-17084
17183-17086
17153-17086
19256-16823
19252-17084
19257-17084
19721-17086
20047-17086
17539-17084
19671-17084
19799-17086
19668-17086
19852-17086
17667-17084
19686-17084
17183-17086
17153-17086
19256-16823
19252-17084
19257-17084
19721-17086
20047-17086
17539-17084
19671-17084
Important
19799-17086
Important
19668-17086
19852-17086
Important
17667-17084
Important
19686-17084
Important
17183-17086
Important
17153-17086
Important
19256-16823
Important
19252-17084
Important
19257-17084
19721-17086
Important
20047-17086
Important
17539-17084
Important
19671-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19799-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19668-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19852-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17667-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19686-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17183-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17153-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19256-16823
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19252-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19257-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19721-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
20047-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
17539-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19671-17084
CBL-Mariner Releases
19852-17086
17153-17086
19256-16823
No
Security Update
8.0.40-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19852-17086
17153-17086
19256-16823
CBL-Mariner Releases
CBL-Mariner Releases
19252-17084
No
Security Update
8.11.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19252-17084
CBL-Mariner Releases
CBL-Mariner Releases
19257-17084
No
Security Update
8.0.40-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19257-17084
CBL-Mariner Releases
CBL-Mariner Releases
17539-17084
No
Security Update
8.0.42-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17539-17084
CBL-Mariner Releases
1.0
2025-02-14T00:00:00
<p>Information published.</p>
2.0
2025-02-20T00:00:00
<p>Information published.</p>
3.0
2025-02-21T00:00:00
<p>Information published.</p>
4.0
2025-03-13T00:00:00
<p>Information published.</p>
5.0
2026-02-19T01:07:09
<p>Information published.</p>
GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1176
Heap-based Buffer Overflow
20203-17086
21201-17084
19263-16823
19264-16823
19265-17084
19280-17084
19760-17086
20203-17086
21201-17084
19263-16823
19264-16823
19265-17084
19280-17084
19760-17086
Moderate
20203-17086
Moderate
21201-17084
Moderate
19263-16823
Moderate
19264-16823
Moderate
19265-17084
Moderate
19280-17084
Moderate
19760-17086
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
20203-17086
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
21201-17084
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19263-16823
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19264-16823
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19265-17084
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19280-17084
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19760-17086
CBL-Mariner Releases
20203-17086
19264-16823
No
Security Update
11.2-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20203-17086
19264-16823
CBL-Mariner Releases
CBL-Mariner Releases
19263-16823
19760-17086
No
Security Update
2.37-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19263-16823
19760-17086
CBL-Mariner Releases
CBL-Mariner Releases
19265-17084
19280-17084
No
Security Update
2.41-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19265-17084
19280-17084
CBL-Mariner Releases
1.0
2025-02-17T00:00:00
<p>Information published.</p>
2.0
2025-02-26T00:00:00
<p>Information published.</p>
3.0
2025-02-28T00:00:00
<p>Information published.</p>
5.0
2025-03-02T00:00:00
<p>Information published.</p>
6.0
2025-03-03T00:00:00
<p>Information published.</p>
9.0
2025-03-06T00:00:00
<p>Information published.</p>
1.0
2025-03-08T00:00:00
<p>Information published.</p>
1.1
2025-03-09T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0</p>
1.4
2025-03-12T00:00:00
<p>Added binutils to CBL-Mariner 2.0
Added binutils to Azure Linux 3.0</p>
1.5
2025-03-19T00:00:00
<p>Added gdb to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added binutils to Azure Linux 3.0</p>
10.0
2026-05-19T01:01:58
<p>Information published.</p>
4.0
2025-03-01T00:00:00
<p>Information published.</p>
7.0
2025-03-04T00:00:00
<p>Information published.</p>
8.0
2025-03-05T00:00:00
<p>Information published.</p>
1.2
2025-03-10T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0</p>
1.3
2025-03-11T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0</p>
9.1
2026-02-19T01:14:04
<p>Information published.</p>
GNU Binutils ld libbfd.c bfd_putl64 memory corruption
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1178
Improper Restriction of Operations within the Bounds of a Memory Buffer
19760-17086
19280-17084
21201-17084
19266-16823
19265-17084
19760-17086
19280-17084
21201-17084
19266-16823
19265-17084
Moderate
19760-17086
Moderate
19280-17084
Moderate
21201-17084
Moderate
19266-16823
Moderate
19265-17084
5.6
5.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
19760-17086
5.6
5.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
19280-17084
5.6
5.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
21201-17084
5.6
5.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
19266-16823
5.6
5.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
19265-17084
CBL-Mariner Releases
19760-17086
19266-16823
No
Security Update
2.37-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19760-17086
19266-16823
CBL-Mariner Releases
CBL-Mariner Releases
19280-17084
19265-17084
No
Security Update
2.41-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19280-17084
19265-17084
CBL-Mariner Releases
1.0
2025-02-23T00:00:00
<p>Information published.</p>
5.0
2025-03-02T00:00:00
<p>Information published.</p>
6.0
2025-03-03T00:00:00
<p>Information published.</p>
1.0
2025-03-08T00:00:00
<p>Information published.</p>
1.2
2025-03-10T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0</p>
9.1
2026-02-19T01:15:56
<p>Information published.</p>
10.0
2026-05-19T01:01:52
<p>Information published.</p>
2.0
2025-02-26T00:00:00
<p>Information published.</p>
3.0
2025-02-28T00:00:00
<p>Information published.</p>
4.0
2025-03-01T00:00:00
<p>Information published.</p>
7.0
2025-03-04T00:00:00
<p>Information published.</p>
8.0
2025-03-05T00:00:00
<p>Information published.</p>
9.0
2025-03-06T00:00:00
<p>Information published.</p>
1.1
2025-03-09T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0</p>
1.3
2025-03-11T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0</p>
vim main.c memory corruption
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1215
Improper Restriction of Operations within the Bounds of a Memory Buffer
19268-17084
19744-17086
19268-17084
19744-17086
Low
19268-17084
Low
19744-17086
2.8
2.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
19268-17084
2.8
2.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
19744-17086
CBL-Mariner Releases
19268-17084
19744-17086
No
Security Update
9.1.0791-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19268-17084
19744-17086
CBL-Mariner Releases
1.0
2025-02-27T00:00:00
<p>Information published.</p>
2.0
2025-03-14T00:00:00
<p>Information published.</p>
2.1
2025-08-13T00:00:00
<p>Added vim to CBL-Mariner 2.0
Added vim to Azure Linux 3.0</p>
2.2
2026-02-19T01:16:56
<p>Information published.</p>
Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-1244
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
19745-17086
19270-16823
19271-17084
17557-17084
17168-17086
19745-17086
19270-16823
19271-17084
17557-17084
17168-17086
19745-17086
Important
19270-16823
Important
19271-17084
Important
17557-17084
Important
17168-17086
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
19745-17086
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
19270-16823
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
19271-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
17557-17084
8.8
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
17168-17086
CBL-Mariner Releases
19745-17086
19270-16823
19271-17084
17557-17084
17168-17086
No
Security Update
29.4-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19745-17086
19270-16823
19271-17084
17557-17084
17168-17086
CBL-Mariner Releases
1.0
2025-02-20T00:00:00
<p>Information published.</p>
2.0
2025-02-21T00:00:00
<p>Information published.</p>
3.0
2026-02-19T01:17:14
<p>Information published.</p>
GNU elfutils eu-readelf readelf.c process_symtab buffer overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1365
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
19273-17084
19272-17084
19273-17084
19272-17084
Moderate
19273-17084
Moderate
19272-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
19273-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
19272-17084
CBL-Mariner Releases
19272-17084
No
Security Update
0.189-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19272-17084
CBL-Mariner Releases
1.0
2025-09-04T00:00:27
<p>Information published.</p>
1.1
2026-02-21T02:45:07
<p>Information published.</p>
GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1377
Improper Resource Shutdown or Release
19273-17084
19273-17084
Low
19273-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19273-17084
CBL-Mariner Releases
19273-17084
No
Security Update
0.189-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19273-17084
CBL-Mariner Releases
1.0
2025-04-19T00:00:00
<p>Information published.</p>
pam_cap: Fix potential configuration parsing error
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Anolis
Yes
CVE-2025-1390
Improper Access Control
20232-17086
20234-17084
19274-16823
19275-17084
20232-17086
20234-17084
19274-16823
19275-17084
Moderate
20232-17086
Moderate
20234-17084
Moderate
19274-16823
Moderate
19275-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
20232-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
20234-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
19274-16823
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
19275-17084
CBL-Mariner Releases
20232-17086
19274-16823
No
Security Update
2.60-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20232-17086
19274-16823
CBL-Mariner Releases
CBL-Mariner Releases
20234-17084
19275-17084
No
Security Update
2.69-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20234-17084
19275-17084
CBL-Mariner Releases
1.0
2025-02-27T00:00:00
<p>Information published.</p>
2.0
2025-03-14T00:00:00
<p>Information published.</p>
2.1
2026-02-19T01:24:19
<p>Information published.</p>
Mishandling of comma during folding and unicode-encoding of email headers
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
PSF
Yes
CVE-2025-1795
17092-16823
19681-17086
17667-17084
17092-16823
19681-17086
17667-17084
Low
17092-16823
Low
19681-17086
Low
17667-17084
CBL-Mariner Releases
17092-16823
19681-17086
No
Security Update
3.9.19-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17092-16823
19681-17086
CBL-Mariner Releases
1.0
2025-04-11T00:00:00
<p>Information published.</p>
1.1
2026-02-21T04:24:37
<p>Information published.</p>
gpio: xilinx: Convert gpio_lock to raw spinlock
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21684
17103-16823
17476-17084
19682-17086
17501-17084
18490-17086
17103-16823
17476-17084
19682-17086
17501-17084
18490-17086
Moderate
17103-16823
Moderate
17476-17084
19682-17086
Moderate
17501-17084
Moderate
18490-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
19682-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17501-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17476-17084
17501-17084
No
Security Update
6.6.76.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17476-17084
17501-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
2.0
2026-02-19T01:10:52
<p>Information published.</p>
1.0
2025-03-14T00:00:00
<p>Information published.</p>
scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21690
Allocation of Resources Without Limits or Throttling
17099-17086
17095-16823
17476-17084
19705-17086
17501-17084
17099-17086
17095-16823
17476-17084
19705-17086
17501-17084
Moderate
17099-17086
Moderate
17095-16823
Moderate
17476-17084
19705-17086
Moderate
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17099-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17095-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17476-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19705-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
CBL-Mariner Releases
17099-17086
17095-16823
19705-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17099-17086
17095-16823
19705-17086
CBL-Mariner Releases
CBL-Mariner Releases
17476-17084
17501-17084
No
Security Update
6.6.76.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17476-17084
17501-17084
CBL-Mariner Releases
3.0
2026-02-21T02:42:19
<p>Information published.</p>
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2025-05-05T00:00:00
<p>Information published.</p>
drm/v3d: Ensure job pointer is set to NULL after job completion
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21697
17095-16823
17476-17084
19705-17086
17501-17084
17099-17086
17095-16823
17476-17084
19705-17086
17501-17084
17099-17086
Moderate
17095-16823
Moderate
17476-17084
19705-17086
17501-17084
17099-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17095-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17476-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19705-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17099-17086
CBL-Mariner Releases
17095-16823
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
CBL-Mariner Releases
17476-17084
17501-17084
No
Security Update
6.6.76.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17476-17084
17501-17084
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2025-05-05T00:00:00
<p>Information published.</p>
3.0
2026-02-19T01:21:15
<p>Information published.</p>
gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21699
19705-17086
17476-17084
17501-17084
17099-17086
19705-17086
17476-17084
17501-17084
17099-17086
19705-17086
Moderate
17476-17084
Moderate
17501-17084
Moderate
17099-17086
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
19705-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17476-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
17501-17084
6.1
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
17099-17086
CBL-Mariner Releases
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17099-17086
CBL-Mariner Releases
CBL-Mariner Releases
17476-17084
17501-17084
No
Security Update
6.6.76.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17476-17084
17501-17084
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2025-05-05T00:00:00
<p>Information published.</p>
3.0
2026-02-19T01:21:36
<p>Information published.</p>
mptcp: consolidate suboption status
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21707
19682-17086
17103-16823
17471-17084
17501-17084
18490-17086
19682-17086
17103-16823
17471-17084
17501-17084
18490-17086
19682-17086
Moderate
17103-16823
Moderate
17471-17084
17501-17084
18490-17086
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:41:22
<p>Information published.</p>
net/rose: prevent integer overflows in rose_setsockopt()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21711
Integer Overflow or Wraparound
19682-17086
17501-17084
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
Moderate
17103-16823
Moderate
17471-17084
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17501-17084
17471-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:45:13
<p>Information published.</p>
nbd: don't allow reconnect after disconnect
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21731
17095-16823
19705-17086
17099-17086
17095-16823
19705-17086
17099-17086
Moderate
17095-16823
19705-17086
Moderate
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19705-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17099-17086
CBL-Mariner Releases
17095-16823
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:07:35
<p>Information published.</p>
nilfs2: fix possible int overflows in nilfs_fiemap()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21736
Integer Overflow or Wraparound
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
Moderate
17103-16823
Moderate
17471-17084
19682-17086
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:27:39
<p>Information published.</p>
usbnet: ipheth: fix possible overflow in DPE length check
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21743
Out-of-bounds Read
17494-17084
17501-17084
17494-17084
17501-17084
Important
17494-17084
Important
17501-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17494-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17501-17084
CBL-Mariner Releases
17494-17084
No
Security Update
6.6.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17494-17084
CBL-Mariner Releases
CBL-Mariner Releases
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:38:19
<p>Information published.</p>
wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21744
19682-17086
18490-17086
17103-16823
17471-17084
17501-17084
19682-17086
18490-17086
17103-16823
17471-17084
17501-17084
19682-17086
18490-17086
Moderate
17103-16823
Moderate
17471-17084
17501-17084
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:37:18
<p>Information published.</p>
ksmbd: fix integer overflows on 32 bit systems
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21748
Integer Overflow or Wraparound
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
Moderate
17103-16823
Moderate
17471-17084
19682-17086
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:17:47
<p>Information published.</p>
net: rose: lock the socket in rose_bind()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21749
Improper Locking
17501-17084
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
Moderate
17103-16823
Moderate
17471-17084
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
CBL-Mariner Releases
17501-17084
17471-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:25:45
<p>Information published.</p>
btrfs: fix use-after-free when attempting to join an aborted transaction
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21753
19705-17086
17095-16823
17099-17086
19705-17086
17095-16823
17099-17086
19705-17086
Important
17095-16823
Important
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
CBL-Mariner Releases
19705-17086
17095-16823
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17095-16823
17099-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:03:28
<p>Information published.</p>
ipv6: mcast: extend RCU protection in igmp6_send()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21759
Use After Free
17087-17086
17471-17084
17465-17084
20925-17086
21093-17086
17087-17086
17471-17084
17465-17084
20925-17086
21093-17086
Important
17087-17086
Important
17471-17084
Important
17465-17084
Important
20925-17086
Important
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17465-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
1.1
2026-02-18T15:10:04
<p>Information published.</p>
3.0
2026-03-31T15:07:44
<p>Information published.</p>
2.0
2026-03-03T14:50:57
<p>Information published.</p>
ndisc: extend RCU protection in ndisc_send_skb()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21760
Use After Free
17095-16823
17465-17084
17471-17084
17099-17086
17095-16823
17465-17084
17471-17084
17099-17086
Important
17095-16823
Important
17465-17084
Important
17471-17084
Important
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17465-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
CBL-Mariner Releases
17095-16823
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
17099-17086
CBL-Mariner Releases
CBL-Mariner Releases
17465-17084
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17465-17084
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2025-05-05T00:00:00
<p>Information published.</p>
3.0
2026-02-18T15:09:33
<p>Information published.</p>
openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21761
Use After Free
19705-17086
17095-16823
17465-17084
17471-17084
17099-17086
19705-17086
17095-16823
17465-17084
17471-17084
17099-17086
19705-17086
Important
17095-16823
Important
17465-17084
Important
17471-17084
Important
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17465-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
CBL-Mariner Releases
19705-17086
17095-16823
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17095-16823
17099-17086
CBL-Mariner Releases
CBL-Mariner Releases
17465-17084
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17465-17084
17471-17084
CBL-Mariner Releases
2.0
2025-05-05T00:00:00
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
3.0
2026-02-18T01:11:07
<p>Information published.</p>
neighbour: use RCU protection in __neigh_notify()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21763
Use After Free
19705-17086
17471-17084
17095-16823
17465-17084
17099-17086
19705-17086
17471-17084
17095-16823
17465-17084
17099-17086
19705-17086
Moderate
17471-17084
Moderate
17095-16823
Moderate
17465-17084
Moderate
17099-17086
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
19705-17086
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17465-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
17099-17086
CBL-Mariner Releases
19705-17086
17095-16823
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17095-16823
17099-17086
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
2.0
2025-05-05T00:00:00
<p>Information published.</p>
3.0
2026-02-18T15:08:02
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
ndisc: use RCU protection in ndisc_alloc_skb()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21764
Use After Free
19705-17086
17471-17084
17099-17086
17095-16823
17465-17084
19705-17086
17471-17084
17099-17086
17095-16823
17465-17084
19705-17086
Moderate
17471-17084
Moderate
17099-17086
Moderate
17095-16823
Moderate
17465-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
19705-17086
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
17471-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17465-17084
CBL-Mariner Releases
19705-17086
17099-17086
17095-16823
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17099-17086
17095-16823
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
2.0
2025-05-05T00:00:00
<p>Information published.</p>
3.0
2026-02-18T15:06:33
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
USB: hub: Ignore non-compliant devices with too many configs or interfaces
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21776
19682-17086
17103-16823
17472-17084
17471-17084
18490-17086
19682-17086
17103-16823
17472-17084
17471-17084
18490-17086
19682-17086
Moderate
17103-16823
Moderate
17472-17084
17471-17084
18490-17086
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:22:28
<p>Information published.</p>
KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21779
19682-17086
17103-16823
17472-17084
17471-17084
18490-17086
19682-17086
17103-16823
17472-17084
17471-17084
18490-17086
19682-17086
Moderate
17103-16823
Moderate
17472-17084
17471-17084
18490-17086
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
2.0
2026-02-18T01:23:22
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
gpiolib: Fix crash on error in gpiochip_get_ngpios()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21783
NULL Pointer Dereference
17471-17084
17472-17084
17471-17084
17472-17084
17471-17084
Moderate
17472-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17472-17084
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21785
Out-of-bounds Write
19682-17086
17472-17084
17471-17084
18490-17086
19682-17086
17472-17084
17471-17084
18490-17086
19682-17086
Important
17472-17084
Important
17471-17084
Important
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17472-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
2.0
2026-02-18T01:21:35
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
team: better TEAM_OPTION_TYPE_STRING validation
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21787
19682-17086
17471-17084
17103-16823
17472-17084
18490-17086
19682-17086
17471-17084
17103-16823
17472-17084
18490-17086
19682-17086
17471-17084
Moderate
17103-16823
Moderate
17472-17084
18490-17086
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
2.0
2026-02-18T01:28:32
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
vrf: use RCU protection in l3mdev_l3_out()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21791
19682-17086
18490-17086
17103-16823
17465-17084
17471-17084
19682-17086
18490-17086
17103-16823
17465-17084
17471-17084
19682-17086
Important
18490-17086
Important
17103-16823
Important
17465-17084
Important
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17103-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17465-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17465-17084
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17465-17084
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2026-02-18T02:19:19
<p>Information published.</p>
ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21792
17087-17086
17471-17084
20925-17086
17472-17084
21093-17086
17087-17086
17471-17084
20925-17086
17472-17084
21093-17086
17087-17086
17471-17084
20925-17086
Moderate
17472-17084
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17472-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2026-03-03T14:42:17
<p>Information published.</p>
3.0
2026-03-31T14:53:35
<p>Information published.</p>
nfsd: clear acl_access/acl_default after releasing them
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21796
19705-17086
17095-16823
17465-17084
17471-17084
17099-17086
19705-17086
17095-16823
17465-17084
17471-17084
17099-17086
19705-17086
Moderate
17095-16823
Moderate
17465-17084
Moderate
17471-17084
Moderate
17099-17086
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17465-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
17471-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
17099-17086
CBL-Mariner Releases
19705-17086
17095-16823
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17095-16823
17099-17086
CBL-Mariner Releases
CBL-Mariner Releases
17465-17084
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17465-17084
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2025-05-05T00:00:00
<p>Information published.</p>
3.0
2026-02-18T15:07:25
<p>Information published.</p>
ptp: Ensure info->enable callback is always set
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21814
NULL Pointer Dereference
19682-17086
17501-17084
17103-16823
17471-17084
18490-17086
19682-17086
17501-17084
17103-16823
17471-17084
18490-17086
19682-17086
17501-17084
Moderate
17103-16823
Moderate
17471-17084
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17501-17084
17471-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:08:41
<p>Information published.</p>
Unexpected memory consumption during token parsing in golang.org/x/oauth2
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2025-22868
Improper Validation of Syntactic Correctness of Input
17591-17084
19432-17084
17582-17084
19344-17084
19335-17084
19346-17084
19698-17086
19921-17086
19923-17086
19867-17086
19761-17086
19291-16823
19292-16823
19293-16823
19295-16823
19296-16823
19297-16823
19298-16823
19300-16823
19301-17084
19302-17084
19303-17084
19304-17084
19305-17084
17759-17084
19306-17084
19307-17084
19308-17084
18211-17084
19309-17084
19310-17084
19311-17084
19340-17084
17547-17084
19347-17084
19729-17084
19908-17084
19343-17084
19817-17086
20242-17086
19945-17086
19789-17086
19939-17086
17591-17084
19432-17084
17582-17084
19344-17084
19335-17084
19346-17084
19698-17086
19921-17086
19923-17086
19867-17086
19761-17086
19291-16823
19292-16823
19293-16823
19295-16823
19296-16823
19297-16823
19298-16823
19300-16823
19301-17084
19302-17084
19303-17084
19304-17084
19305-17084
17759-17084
19306-17084
19307-17084
19308-17084
18211-17084
19309-17084
19310-17084
19311-17084
19340-17084
17547-17084
19347-17084
19729-17084
19908-17084
19343-17084
19817-17086
20242-17086
19945-17086
19789-17086
19939-17086
Important
17591-17084
Important
19432-17084
Important
17582-17084
Important
19344-17084
Important
19335-17084
Important
19346-17084
Important
19698-17086
Important
19921-17086
Important
19923-17086
Important
19867-17086
Important
19761-17086
Important
19291-16823
Important
19292-16823
Important
19293-16823
Important
19295-16823
Important
19296-16823
Important
19297-16823
Important
19298-16823
Important
19300-16823
Important
19301-17084
Important
19302-17084
Important
19303-17084
Important
19304-17084
Important
19305-17084
Important
17759-17084
Important
19306-17084
Important
19307-17084
Important
19308-17084
Important
18211-17084
Important
19309-17084
Important
19310-17084
Important
19311-17084
Important
19340-17084
Important
17547-17084
Important
19347-17084
Important
19729-17084
Important
19908-17084
Important
19343-17084
Important
19817-17086
Important
20242-17086
Important
19945-17086
Important
19789-17086
Important
19939-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17591-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19432-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17582-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19344-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19335-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19346-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19698-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19921-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19923-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19867-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19761-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19291-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19292-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19293-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19295-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19296-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19297-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19298-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19300-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19301-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19302-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19303-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19304-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19305-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17759-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19306-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19307-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19308-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18211-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19309-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19310-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19311-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19340-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17547-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19347-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19729-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19908-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19343-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19817-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20242-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19945-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19789-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19939-17086
CBL-Mariner Releases
17591-17084
19310-17084
No
Security Update
10.25.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17591-17084
19310-17084
CBL-Mariner Releases
CBL-Mariner Releases
19432-17084
19309-17084
No
Security Update
1.12.15-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19432-17084
19309-17084
CBL-Mariner Releases
CBL-Mariner Releases
17582-17084
19307-17084
No
Security Update
2.45.4-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17582-17084
19307-17084
CBL-Mariner Releases
CBL-Mariner Releases
19344-17084
19306-17084
No
Security Update
2.7.5-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19344-17084
19306-17084
CBL-Mariner Releases
CBL-Mariner Releases
19335-17084
17759-17084
No
Security Update
1.9.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19335-17084
17759-17084
CBL-Mariner Releases
CBL-Mariner Releases
19346-17084
19304-17084
No
Security Update
1.57.0-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19346-17084
19304-17084
CBL-Mariner Releases
CBL-Mariner Releases
19698-17086
19297-16823
No
Security Update
17.0.7-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19698-17086
19297-16823
CBL-Mariner Releases
CBL-Mariner Releases
19921-17086
19296-16823
No
Security Update
10.25.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19921-17086
19296-16823
CBL-Mariner Releases
CBL-Mariner Releases
19923-17086
No
Security Update
2.1.2-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19923-17086
CBL-Mariner Releases
CBL-Mariner Releases
19867-17086
19293-16823
No
Security Update
1.11.1-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19867-17086
19293-16823
CBL-Mariner Releases
CBL-Mariner Releases
19761-17086
19292-16823
No
Security Update
1.28.4-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19761-17086
19292-16823
CBL-Mariner Releases
CBL-Mariner Releases
19291-16823
19939-17086
No
Security Update
1.29.4-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19291-16823
19939-17086
CBL-Mariner Releases
CBL-Mariner Releases
19295-16823
19789-17086
No
Security Update
24.0.9-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19295-16823
19789-17086
CBL-Mariner Releases
CBL-Mariner Releases
19298-16823
19945-17086
No
Security Update
1.9.5-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19298-16823
19945-17086
CBL-Mariner Releases
CBL-Mariner Releases
19300-16823
19817-17086
No
Security Update
1.11.2-20
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19300-16823
19817-17086
CBL-Mariner Releases
CBL-Mariner Releases
19301-17084
19343-17084
No
Security Update
1.31.0-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19301-17084
19343-17084
CBL-Mariner Releases
CBL-Mariner Releases
19302-17084
19908-17084
No
Security Update
1.11.4-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19302-17084
19908-17084
CBL-Mariner Releases
CBL-Mariner Releases
19303-17084
19729-17084
No
Security Update
25.0.3-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19303-17084
19729-17084
CBL-Mariner Releases
CBL-Mariner Releases
19305-17084
19347-17084
No
Security Update
2.14.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19305-17084
19347-17084
CBL-Mariner Releases
CBL-Mariner Releases
19308-17084
17547-17084
No
Security Update
19.0.4-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19308-17084
17547-17084
CBL-Mariner Releases
CBL-Mariner Releases
18211-17084
No
Security Update
0.8.20-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18211-17084
CBL-Mariner Releases
CBL-Mariner Releases
19311-17084
19340-17084
No
Security Update
1.30.10-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19311-17084
19340-17084
CBL-Mariner Releases
CBL-Mariner Releases
20242-17086
No
Security Update
0.8.17-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20242-17086
CBL-Mariner Releases
1.0
2025-03-08T00:00:00
<p>Information published.</p>
2.0
2025-03-09T00:00:00
<p>Information published.</p>
3.0
2025-03-10T00:00:00
<p>Information published.</p>
5.0
2025-03-18T00:00:00
<p>Information published.</p>
7.1
2026-02-21T03:55:14
<p>Information published.</p>
4.0
2025-03-13T00:00:00
<p>Information published.</p>
6.0
2025-03-25T00:00:00
<p>Information published.</p>
7.0
2025-03-27T00:00:00
<p>Information published.</p>
TLS Session Resumption Vulnerability
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
f5
Yes
CVE-2025-23419
Improper Authentication
19860-17084
19359-17084
20144-17086
19860-17084
19359-17084
20144-17086
Moderate
19860-17084
Moderate
19359-17084
Moderate
20144-17086
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
19860-17084
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
19359-17084
4.3
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
20144-17086
CBL-Mariner Releases
19860-17084
19359-17084
No
Security Update
1.25.4-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19860-17084
19359-17084
CBL-Mariner Releases
CBL-Mariner Releases
20144-17086
No
Security Update
1.22.1-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20144-17086
CBL-Mariner Releases
2.1
2026-02-19T01:08:54
<p>Information published.</p>
1.0
2025-02-16T00:00:00
<p>Information published.</p>
2.0
2025-02-20T00:00:00
<p>Information published.</p>
`gh attestation verify` returns incorrect exit code during verification if no attestations are present
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-25204
Detection of Error Condition Without Action
19338-17084
19365-17084
19338-17084
19365-17084
Moderate
19338-17084
Moderate
19365-17084
6.3
6.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
19338-17084
6.3
6.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
19365-17084
CBL-Mariner Releases
19338-17084
19365-17084
No
Security Update
2.62.0-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19338-17084
19365-17084
CBL-Mariner Releases
1.0
2025-03-13T00:00:00
<p>Information published.</p>
1.1
2026-02-19T01:23:00
<p>Information published.</p>
Openssh: denial-of-service in openssh
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-26466
Allocation of Resources Without Limits or Throttling
19370-17084
19453-17084
20608-17086
19370-17084
19453-17084
20608-17086
Important
19370-17084
Important
19453-17084
Moderate
20608-17086
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
19370-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19453-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
20608-17086
CBL-Mariner Releases
19370-17084
19453-17084
No
Security Update
9.8p1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19370-17084
19453-17084
CBL-Mariner Releases
CBL-Mariner Releases
20608-17086
No
Security Update
8.9p1-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20608-17086
CBL-Mariner Releases
1.0
2025-03-02T00:00:00
<p>Information published.</p>
1.1
2026-02-19T01:23:24
<p>Information published.</p>
X.org: xwayland: use-after-free of the root cursor
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-26594
Use After Free
17593-17084
19982-17086
19372-17084
17593-17084
19982-17086
19372-17084
Important
17593-17084
Important
19982-17086
Important
19372-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17593-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19982-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19372-17084
CBL-Mariner Releases
17593-17084
19372-17084
No
Security Update
24.1.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17593-17084
19372-17084
CBL-Mariner Releases
CBL-Mariner Releases
19982-17086
No
Security Update
1.20.10-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19982-17086
CBL-Mariner Releases
1.0
2025-03-10T00:00:00
<p>Information published.</p>
2.0
2025-03-14T00:00:00
<p>Information published.</p>
2.1
2026-02-21T03:59:34
<p>Information published.</p>
Xorg: xwayland: buffer overflow in xkbchangetypesofkey()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-26597
Improper Restriction of Operations within the Bounds of a Memory Buffer
17593-17084
19982-17086
19372-17084
17593-17084
19982-17086
19372-17084
Important
17593-17084
Important
19982-17086
Important
19372-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17593-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19982-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19372-17084
CBL-Mariner Releases
17593-17084
19372-17084
No
Security Update
24.1.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17593-17084
19372-17084
CBL-Mariner Releases
CBL-Mariner Releases
19982-17086
No
Security Update
1.20.10-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19982-17086
CBL-Mariner Releases
1.0
2025-03-10T00:00:00
<p>Information published.</p>
2.0
2025-03-14T00:00:00
<p>Information published.</p>
2.1
2026-02-21T04:02:38
<p>Information published.</p>
Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-26598
Out-of-bounds Write
17593-17084
19982-17086
19372-17084
17593-17084
19982-17086
19372-17084
Important
17593-17084
Important
19982-17086
Important
19372-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17593-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19982-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19372-17084
CBL-Mariner Releases
17593-17084
19372-17084
No
Security Update
24.1.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17593-17084
19372-17084
CBL-Mariner Releases
CBL-Mariner Releases
19982-17086
No
Security Update
1.20.10-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19982-17086
CBL-Mariner Releases
1.0
2025-03-10T00:00:00
<p>Information published.</p>
2.0
2025-03-14T00:00:00
<p>Information published.</p>
2.1
2026-02-21T03:58:08
<p>Information published.</p>
Xorg: xwayland: use-after-free in playreleasedevents()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-26600
Use After Free
17593-17084
19982-17086
19372-17084
17593-17084
19982-17086
19372-17084
Important
17593-17084
Important
19982-17086
Important
19372-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17593-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19982-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19372-17084
CBL-Mariner Releases
17593-17084
19372-17084
No
Security Update
24.1.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17593-17084
19372-17084
CBL-Mariner Releases
CBL-Mariner Releases
19982-17086
No
Security Update
1.20.10-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19982-17086
CBL-Mariner Releases
1.0
2025-03-10T00:00:00
<p>Information published.</p>
2.0
2025-03-14T00:00:00
<p>Information published.</p>
2.1
2026-02-21T04:03:58
<p>Information published.</p>
Xorg: xwayland: use-after-free in syncinittrigger()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-26601
Use After Free
17593-17084
19982-17086
19372-17084
17593-17084
19982-17086
19372-17084
Important
17593-17084
Important
19982-17086
Important
19372-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17593-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19982-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19372-17084
CBL-Mariner Releases
17593-17084
19372-17084
No
Security Update
24.1.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17593-17084
19372-17084
CBL-Mariner Releases
CBL-Mariner Releases
19982-17086
No
Security Update
1.20.10-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19982-17086
CBL-Mariner Releases
2.1
2026-02-21T04:06:35
<p>Information published.</p>
1.0
2025-03-10T00:00:00
<p>Information published.</p>
2.0
2025-03-14T00:00:00
<p>Information published.</p>
heap-use-after-free in function str_to_reg in vim/vim
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-26603
Use After Free
19744-17086
19268-17084
19744-17086
19268-17084
Moderate
19744-17086
Moderate
19268-17084
4.2
4.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
19744-17086
4.2
4.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
19268-17084
CBL-Mariner Releases
19744-17086
19268-17084
No
Security Update
9.1.0791-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19744-17086
19268-17084
CBL-Mariner Releases
1.0
2025-02-27T00:00:00
<p>Information published.</p>
2.0
2025-03-14T00:00:00
<p>Information published.</p>
2.1
2026-02-19T01:24:09
<p>Information published.</p>
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-27113
NULL Pointer Dereference
19447-17084
17475-17084
20051-17086
19447-17084
17475-17084
20051-17086
Low
19447-17084
Low
17475-17084
Low
20051-17086
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
19447-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
17475-17084
2.9
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
20051-17086
CBL-Mariner Releases
19447-17084
17475-17084
No
Security Update
2.11.5-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19447-17084
17475-17084
CBL-Mariner Releases
CBL-Mariner Releases
20051-17086
No
Security Update
2.10.4-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20051-17086
CBL-Mariner Releases
1.0
2025-02-27T00:00:00
<p>Information published.</p>
3.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2025-02-28T00:00:00
<p>Information published.</p>
3.1
2026-02-21T02:44:24
<p>Information published.</p>
Go JOSE's Parsing Vulnerable to Denial of Service
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-27144
Allocation of Resources Without Limits or Throttling
19935-17084
19833-17086
19342-17084
19840-17086
19432-17084
19344-17084
19346-17084
19972-17084
19817-17086
19945-17086
19343-17084
19939-17086
19821-17086
19761-17086
19858-17086
19854-17086
19848-17086
19829-17086
19375-16823
19376-16823
18129-16823
19292-16823
19379-16823
19380-16823
19381-16823
19382-16823
19383-16823
19384-16823
19385-16823
19386-17084
17759-17084
19305-17084
19387-17084
19388-17084
19317-17084
19304-17084
19306-17084
19309-17084
17461-17084
19319-17084
19389-17084
19390-17084
19391-17084
17586-17084
19340-17084
19338-17084
19836-17086
17793-17084
17468-17084
19347-17084
19335-17084
19845-17086
19792-17086
19777-17086
19935-17084
19833-17086
19342-17084
19840-17086
19432-17084
19344-17084
19346-17084
19972-17084
19817-17086
19945-17086
19343-17084
19939-17086
19821-17086
19761-17086
19858-17086
19854-17086
19848-17086
19829-17086
19375-16823
19376-16823
18129-16823
19292-16823
19379-16823
19380-16823
19381-16823
19382-16823
19383-16823
19384-16823
19385-16823
19386-17084
17759-17084
19305-17084
19387-17084
19388-17084
19317-17084
19304-17084
19306-17084
19309-17084
17461-17084
19319-17084
19389-17084
19390-17084
19391-17084
17586-17084
19340-17084
19338-17084
19836-17086
17793-17084
17468-17084
19347-17084
19335-17084
19845-17086
19792-17086
19777-17086
Moderate
19935-17084
Moderate
19833-17086
Moderate
19342-17084
Moderate
19840-17086
Moderate
19432-17084
Moderate
19344-17084
Moderate
19346-17084
Moderate
19972-17084
Moderate
19817-17086
Moderate
19945-17086
Moderate
19343-17084
Moderate
19939-17086
Moderate
19821-17086
Moderate
19761-17086
Moderate
19858-17086
Moderate
19854-17086
Moderate
19848-17086
Moderate
19829-17086
Moderate
19375-16823
Moderate
19376-16823
Moderate
18129-16823
Moderate
19292-16823
Moderate
19379-16823
Moderate
19380-16823
Moderate
19381-16823
Moderate
19382-16823
Moderate
19383-16823
Moderate
19384-16823
Moderate
19385-16823
Moderate
19386-17084
Moderate
17759-17084
Moderate
19305-17084
Moderate
19387-17084
Moderate
19388-17084
Moderate
19317-17084
Moderate
19304-17084
Moderate
19306-17084
Moderate
19309-17084
Moderate
17461-17084
Moderate
19319-17084
Moderate
19389-17084
Moderate
19390-17084
Moderate
19391-17084
Moderate
17586-17084
Moderate
19340-17084
Moderate
19338-17084
Moderate
19836-17086
Moderate
17793-17084
Moderate
17468-17084
Moderate
19347-17084
Moderate
19335-17084
Moderate
19845-17086
Moderate
19792-17086
Moderate
19777-17086
CBL-Mariner Releases
19935-17084
19391-17084
No
Security Update
1.14.4-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19935-17084
19391-17084
CBL-Mariner Releases
CBL-Mariner Releases
19833-17086
19385-16823
No
Security Update
2.6.1-21
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19833-17086
19385-16823
CBL-Mariner Releases
CBL-Mariner Releases
19342-17084
19389-17084
No
Security Update
0.37.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19342-17084
19389-17084
CBL-Mariner Releases
CBL-Mariner Releases
19840-17086
19384-16823
No
Security Update
0.0.2-20
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19840-17086
19384-16823
CBL-Mariner Releases
CBL-Mariner Releases
19432-17084
19309-17084
No
Security Update
1.12.15-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19432-17084
19309-17084
CBL-Mariner Releases
CBL-Mariner Releases
19344-17084
19306-17084
No
Security Update
2.7.5-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19344-17084
19306-17084
CBL-Mariner Releases
CBL-Mariner Releases
19346-17084
19304-17084
No
Security Update
1.57.0-13
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19346-17084
19304-17084
CBL-Mariner Releases
CBL-Mariner Releases
19972-17084
19388-17084
No
Security Update
2.0.0-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19972-17084
19388-17084
CBL-Mariner Releases
CBL-Mariner Releases
19817-17086
19382-16823
No
Security Update
1.11.2-19
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19817-17086
19382-16823
CBL-Mariner Releases
CBL-Mariner Releases
19945-17086
19381-16823
No
Security Update
1.9.5-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19945-17086
19381-16823
CBL-Mariner Releases
CBL-Mariner Releases
19343-17084
19386-17084
No
Security Update
1.31.0-8
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19343-17084
19386-17084
CBL-Mariner Releases
CBL-Mariner Releases
19939-17086
19379-16823
No
Security Update
1.29.4-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19939-17086
19379-16823
CBL-Mariner Releases
CBL-Mariner Releases
19821-17086
No
Security Update
1.55.0-23
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19821-17086
CBL-Mariner Releases
CBL-Mariner Releases
19761-17086
19292-16823
No
Security Update
1.28.4-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19761-17086
19292-16823
CBL-Mariner Releases
CBL-Mariner Releases
19858-17086
No
Security Update
1.14.2-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19858-17086
CBL-Mariner Releases
CBL-Mariner Releases
19854-17086
19376-16823
No
Security Update
1.6.2-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19854-17086
19376-16823
CBL-Mariner Releases
CBL-Mariner Releases
19848-17086
No
Security Update
1.7.7-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19848-17086
CBL-Mariner Releases
CBL-Mariner Releases
19829-17086
19375-16823
No
Security Update
1.2.0-20
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19829-17086
19375-16823
CBL-Mariner Releases
CBL-Mariner Releases
18129-16823
19777-17086
No
Security Update
1.22.3-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18129-16823
19777-17086
CBL-Mariner Releases
CBL-Mariner Releases
19380-16823
19845-17086
No
Security Update
1.6.26-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19380-16823
19845-17086
CBL-Mariner Releases
CBL-Mariner Releases
19383-16823
19836-17086
No
Security Update
2.4.0-27
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19383-16823
19836-17086
CBL-Mariner Releases
CBL-Mariner Releases
17759-17084
19335-17084
No
Security Update
1.9.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17759-17084
19335-17084
CBL-Mariner Releases
CBL-Mariner Releases
19305-17084
19347-17084
No
Security Update
2.14.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19305-17084
19347-17084
CBL-Mariner Releases
CBL-Mariner Releases
19387-17084
17468-17084
No
Security Update
1.7.13-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19387-17084
17468-17084
CBL-Mariner Releases
CBL-Mariner Releases
19317-17084
19338-17084
No
Security Update
2.62.0-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19317-17084
19338-17084
CBL-Mariner Releases
CBL-Mariner Releases
17461-17084
No
Security Update
1.7.7-9
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17461-17084
CBL-Mariner Releases
CBL-Mariner Releases
19319-17084
19340-17084
No
Security Update
1.30.10-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19319-17084
19340-17084
CBL-Mariner Releases
CBL-Mariner Releases
19390-17084
17586-17084
No
Security Update
1.2.0-17
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19390-17084
17586-17084
CBL-Mariner Releases
3.0
2025-03-06T00:00:00
<p>Information published.</p>
4.0
2025-03-08T00:00:00
<p>Information published.</p>
8.0
2025-03-27T00:00:00
<p>Information published.</p>
9.0
2025-04-05T00:00:00
<p>Information published.</p>
1.0
2025-04-06T00:00:00
<p>Information published.</p>
1.1
2025-04-07T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
1.3
2025-04-09T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
1.8
2025-04-14T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
1.9
2025-04-15T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
2.0
2025-04-16T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
2.1
2025-04-17T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
2.5
2025-04-21T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
2.6
2025-04-22T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
2.8
2025-04-24T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
3.0
2025-04-26T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
3.1
2025-04-28T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
3.3
2025-04-30T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
3.4
2025-05-01T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
3.6
2025-05-03T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
3.7
2025-05-04T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
3.8
2025-05-05T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
3.9
2025-05-06T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
4.0
2025-05-07T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
4.1
2025-05-08T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
4.3
2025-05-10T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
4.4
2025-05-11T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
4.5
2025-05-12T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
4.7
2025-05-14T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
4.8
2025-05-15T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
4.9
2025-05-16T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
5.0
2025-05-17T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
5.3
2025-05-20T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
5.4
2025-05-21T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
5.7
2025-05-24T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
5.8
2025-05-25T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
5.9
2025-05-26T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
1.0
2025-03-04T00:00:00
<p>Information published.</p>
2.0
2025-03-05T00:00:00
<p>Information published.</p>
5.0
2025-03-12T00:00:00
<p>Information published.</p>
6.0
2025-03-13T00:00:00
<p>Information published.</p>
7.0
2025-03-25T00:00:00
<p>Information published.</p>
1.2
2025-04-08T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
1.4
2025-04-10T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
1.5
2025-04-11T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
1.6
2025-04-12T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
1.7
2025-04-13T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
2.2
2025-04-18T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
2.3
2025-04-19T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
2.4
2025-04-20T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
2.7
2025-04-23T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
2.9
2025-04-25T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
3.2
2025-04-29T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
3.5
2025-05-02T00:00:00
<p>Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
4.2
2025-05-09T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
4.6
2025-05-13T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
5.1
2025-05-18T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
5.2
2025-05-19T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
5.5
2025-05-22T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
5.6
2025-05-23T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
6.0
2025-05-27T00:00:00
<p>Added moby-containerd-cc to CBL-Mariner 2.0
Added rook to CBL-Mariner 2.0
Added cert-manager to CBL-Mariner 2.0
Added containerized-data-importer to CBL-Mariner 2.0
Added dcos-cli to CBL-Mariner 2.0
Added packer to CBL-Mariner 2.0
Added skopeo to CBL-Mariner 2.0
Added telegraf to CBL-Mariner 2.0
Added kubernetes to CBL-Mariner 2.0
Added moby-containerd to CBL-Mariner 2.0
Added influxdb to CBL-Mariner 2.0
Added keda to CBL-Mariner 2.0
Added kube-vip-cloud-provider to CBL-Mariner 2.0
Added moby-containerd-cc to Azure Linux 3.0
Added telegraf to Azure Linux 3.0
Added containerd to Azure Linux 3.0
Added containerd2 to Azure Linux 3.0
Added dcos-cli to Azure Linux 3.0
Added ig to Azure Linux 3.0
Added skopeo to Azure Linux 3.0
Added cert-manager to Azure Linux 3.0
Added containerized-data-importer to Azure Linux 3.0
Added gh to Azure Linux 3.0
Added influxdb to Azure Linux 3.0
Added keda to Azure Linux 3.0
Added kubernetes to Azure Linux 3.0
Added packer to Azure Linux 3.0</p>
9.1
2026-02-21T03:11:23
<p>Information published.</p>
Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-12133
Inefficient Algorithmic Complexity
17106-16823
17480-17084
17481-17084
20286-17086
20134-17086
17479-17084
17106-16823
17480-17084
17481-17084
20286-17086
20134-17086
17479-17084
Moderate
17106-16823
Moderate
17480-17084
Important
17481-17084
Important
20286-17086
Moderate
20134-17086
Moderate
17479-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17106-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17480-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17481-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20286-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20134-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17479-17084
CBL-Mariner Releases
17106-16823
20134-17086
No
Security Update
3.7.11-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17106-16823
20134-17086
CBL-Mariner Releases
CBL-Mariner Releases
17480-17084
17479-17084
No
Security Update
3.8.3-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17480-17084
17479-17084
CBL-Mariner Releases
CBL-Mariner Releases
17481-17084
20286-17086
No
Security Update
4.19.0-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17481-17084
20286-17086
CBL-Mariner Releases
1.0
2025-03-04T00:00:00
<p>Information published.</p>
2.0
2025-03-14T00:00:00
<p>Information published.</p>
3.0
2025-04-12T00:00:00
<p>Information published.</p>
3.1
2026-02-19T01:16:42
<p>Information published.</p>
An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_metrics_ng() at prom_rw_prot.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-50608
NULL Pointer Dereference
17474-17084
19445-17084
19787-17086
17474-17084
19445-17084
19787-17086
Important
17474-17084
Important
19445-17084
Important
19787-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17474-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19445-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19787-17086
CBL-Mariner Releases
17474-17084
19445-17084
No
Security Update
3.1.9-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17474-17084
19445-17084
CBL-Mariner Releases
CBL-Mariner Releases
19787-17086
No
Security Update
3.0.6-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19787-17086
CBL-Mariner Releases
2.0
2025-03-13T00:00:00
<p>Information published.</p>
1.0
2025-03-04T00:00:00
<p>Information published.</p>
2.1
2026-02-21T02:56:37
<p>Information published.</p>
An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-50609
NULL Pointer Dereference
17474-17084
19445-17084
19787-17086
17474-17084
19445-17084
19787-17086
Important
17474-17084
Important
19445-17084
Important
19787-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17474-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19445-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19787-17086
CBL-Mariner Releases
17474-17084
19445-17084
No
Security Update
3.1.9-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17474-17084
19445-17084
CBL-Mariner Releases
CBL-Mariner Releases
19787-17086
No
Security Update
3.0.6-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19787-17086
CBL-Mariner Releases
2.1
2026-02-21T02:57:48
<p>Information published.</p>
1.0
2025-03-04T00:00:00
<p>Information published.</p>
2.0
2025-03-13T00:00:00
<p>Information published.</p>
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-53427
Access of Resource Using Incompatible Type ('Type Confusion')
17473-17084
17473-17084
Important
17473-17084
8.1
8.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
17473-17084
CBL-Mariner Releases
17473-17084
No
Security Update
1.7.1-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17473-17084
CBL-Mariner Releases
1.0
2025-03-18T00:00:00
<p>Information published.</p>
irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57949
Improper Locking
17476-17084
17501-17084
17476-17084
17501-17084
Moderate
17476-17084
Moderate
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17476-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
17501-17084
CBL-Mariner Releases
17476-17084
17501-17084
No
Security Update
6.6.76.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17476-17084
17501-17084
CBL-Mariner Releases
1.1
2026-02-19T01:11:04
<p>Information published.</p>
1.0
2025-03-13T00:00:00
<p>Information published.</p>
rdma/cxgb4: Prevent potential integer overflow on 32bit
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57973
Integer Overflow or Wraparound
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
Moderate
17103-16823
Moderate
17471-17084
19682-17086
17501-17084
18490-17086
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-03-13T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:48:35
<p>Information published.</p>
media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57978
17103-16823
17471-17084
17501-17084
18490-17086
19682-17086
17103-16823
17471-17084
17501-17084
18490-17086
19682-17086
Moderate
17103-16823
Moderate
17471-17084
17501-17084
18490-17086
19682-17086
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
2.0
2026-02-18T01:47:39
<p>Information published.</p>
1.0
2025-03-13T00:00:00
<p>Information published.</p>
usb: xhci: Fix NULL pointer dereference on certain command aborts
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57981
NULL Pointer Dereference
17103-16823
17471-17084
17501-17084
18490-17086
19682-17086
17103-16823
17471-17084
17501-17084
18490-17086
19682-17086
Moderate
17103-16823
Moderate
17471-17084
17501-17084
18490-17086
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-03-13T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:46:48
<p>Information published.</p>
net_sched: sch_sfq: don't allow 1 packet limit
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57996
Improper Validation of Array Index
17471-17084
20036-17086
17501-17084
17471-17084
20036-17086
17501-17084
Moderate
17471-17084
20036-17086
17501-17084
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
CBL-Mariner Releases
20036-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20036-17086
CBL-Mariner Releases
1.0
2025-03-13T00:00:00
<p>Information published.</p>
tpm: Change to kvalloc() in eventlog/acpi.c
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58005
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
Moderate
17103-16823
Moderate
17471-17084
19682-17086
17501-17084
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
2.0
2026-02-18T01:32:37
<p>Information published.</p>
1.0
2025-03-13T00:00:00
<p>Information published.</p>
binfmt_flat: Fix integer overflow bug on 32 bit systems
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58010
Integer Overflow or Wraparound
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
Moderate
17103-16823
Moderate
17471-17084
19682-17086
17501-17084
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-03-13T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:14:20
<p>Information published.</p>
printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58017
Integer Overflow or Wraparound
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
Moderate
17103-16823
Moderate
17471-17084
19682-17086
17501-17084
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-03-13T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:20:40
<p>Information published.</p>
HID: multitouch: Add NULL check in mt_input_configured
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58020
NULL Pointer Dereference
17103-16823
17472-17084
19682-17086
17471-17084
18490-17086
17103-16823
17472-17084
19682-17086
17471-17084
18490-17086
Moderate
17103-16823
Moderate
17472-17084
19682-17086
17471-17084
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17472-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:31:37
<p>Information published.</p>
ipv6: Fix signed integer overflow in __ip6_append_data
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49728
Integer Overflow or Wraparound
17095-16823
19682-17086
18490-17086
17095-16823
19682-17086
18490-17086
Moderate
17095-16823
19682-17086
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17095-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
17095-16823
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
2.0
2026-02-18T01:51:50
<p>Information published.</p>
1.0
2025-09-03T21:32:44
<p>Information published.</p>
soc: qcom: socinfo: Avoid out of bounds read of serial number
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58007
Out-of-bounds Read
18490-17086
17501-17084
19682-17086
18490-17086
17501-17084
19682-17086
Important
18490-17086
Important
17501-17084
19682-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
18490-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17501-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
19682-17086
CBL-Mariner Releases
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
CBL-Mariner Releases
1.0
2025-03-13T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:40:26
<p>Information published.</p>
memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58034
19705-17086
17099-17086
19705-17086
17099-17086
19705-17086
Important
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
CBL-Mariner Releases
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17099-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T15:06:47
<p>Information published.</p>
USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21689
NULL Pointer Dereference
19705-17086
17501-17084
17099-17086
19705-17086
17501-17084
17099-17086
19705-17086
Moderate
17501-17084
Moderate
17099-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19705-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17099-17086
CBL-Mariner Releases
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17099-17086
CBL-Mariner Releases
CBL-Mariner Releases
17501-17084
No
Security Update
6.6.76.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
CBL-Mariner Releases
2.0
2025-05-05T00:00:00
<p>Information published.</p>
1.0
2025-03-14T00:00:00
<p>Information published.</p>
3.0
2026-02-19T01:24:33
<p>Information published.</p>
padata: fix UAF in padata_reorder
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21727
Use After Free
19705-17086
17099-17086
19705-17086
17099-17086
19705-17086
Moderate
17099-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19705-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17099-17086
CBL-Mariner Releases
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17099-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:08:16
<p>Information published.</p>
nilfs2: protect access to buffers with no active references
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21811
Use After Free
17099-17086
19705-17086
17099-17086
19705-17086
Important
17099-17086
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
CBL-Mariner Releases
17099-17086
19705-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17099-17086
19705-17086
CBL-Mariner Releases
2.0
2026-02-18T15:07:39
<p>Information published.</p>
1.0
2025-05-05T00:00:00
<p>Information published.</p>
rust openssl ssl::select_next_proto use after free
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-24898
Use After Free
20080-17084
17729-17084
19714-17086
19721-17086
19686-17084
19671-17084
18011-17086
17183-17086
20080-17084
17729-17084
19714-17086
19721-17086
19686-17084
19671-17084
18011-17086
17183-17086
Moderate
20080-17084
Moderate
17729-17084
19714-17086
19721-17086
Moderate
19686-17084
Moderate
19671-17084
Moderate
18011-17086
Moderate
17183-17086
2.0
2026-02-19T01:06:08
<p>Information published.</p>
1.0
2025-09-03T21:40:02
<p>Information published.</p>
drm/amdgpu/pm: fix the null pointer while the smu is disabled
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49529
NULL Pointer Dereference
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-09-03T21:46:35
<p>Information published.</p>
2.0
2026-03-03T14:43:59
<p>Information published.</p>
3.0
2026-03-31T14:56:33
<p>Information published.</p>
btrfs: fix deadlock between concurrent dio writes when low on free data space
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49547
Improper Locking
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-09-03T21:48:49
<p>Information published.</p>
2.0
2026-03-03T14:44:17
<p>Information published.</p>
3.0
2026-03-31T14:56:59
<p>Information published.</p>
scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49534
Missing Release of Memory after Effective Lifetime
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.0
2026-03-03T14:44:33
<p>Information published.</p>
3.0
2026-03-31T14:57:25
<p>Information published.</p>
1.0
2025-09-03T21:50:59
<p>Information published.</p>
f2fs: avoid infinite loop to flush node pages
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49317
Loop with Unreachable Exit Condition ('Infinite Loop')
18490-17086
19682-17086
18490-17086
19682-17086
Moderate
18490-17086
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
2.0
2026-02-21T02:19:02
<p>Information published.</p>
1.0
2025-09-03T21:57:57
<p>Information published.</p>
mm: clear uffd-wp PTE/PMD state on mremap()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21696
19683-17084
20412-17084
20553-17084
20613-17084
20725-17084
20823-17084
20860-17084
20956-17084
21094-17084
21248-17084
21332-17084
19682-17086
20788-17084
18490-17086
21308-17084
21344-17084
19683-17084
20412-17084
20553-17084
20613-17084
20725-17084
20823-17084
20860-17084
20956-17084
21094-17084
21248-17084
21332-17084
19682-17086
20788-17084
18490-17086
21308-17084
21344-17084
19683-17084
20412-17084
Moderate
20553-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
21248-17084
Moderate
21332-17084
19682-17086
Moderate
20788-17084
Moderate
18490-17086
Moderate
21308-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2025-09-03T22:03:00
<p>Information published.</p>
2.0
2025-12-07T01:38:06
<p>Information published.</p>
3.0
2026-01-08T14:36:51
<p>Information published.</p>
4.0
2026-01-20T14:35:33
<p>Information published.</p>
7.0
2026-03-31T14:48:46
<p>Information published.</p>
5.0
2026-02-19T01:21:25
<p>Information published.</p>
6.0
2026-03-04T14:35:38
<p>Information published.</p>
8.0
2026-04-29T14:39:49
<p>Information published.</p>
9.0
2026-05-06T14:53:22
<p>Information published.</p>
10.0
2026-05-11T01:52:21
<p>Information published.</p>
11.0
2026-05-17T14:53:07
<p>Information published.</p>
firmware: qcom: scm: smc: Handle missing SCM device
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57852
19683-17084
19683-17084
Moderate
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
CBL-Mariner Releases
19683-17084
No
Security Update
6.6.96.2-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19683-17084
CBL-Mariner Releases
1.0
2025-09-03T22:03:50
<p>Information published.</p>
1.1
2026-02-18T01:05:01
<p>Information published.</p>
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57975
19529-17084
17087-17086
19529-17084
17087-17086
Moderate
19529-17084
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-09-03T22:05:55
<p>Information published.</p>
1.1
2026-02-18T01:05:38
<p>Information published.</p>
mlxsw: spectrum: Guard against invalid local ports
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49134
NULL Pointer Dereference
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.0
2026-03-03T14:45:43
<p>Information published.</p>
3.0
2026-03-31T14:59:23
<p>Information published.</p>
1.0
2025-09-03T22:14:37
<p>Information published.</p>
ath11k: Fix frames flush failure caused by deadlock
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49123
Improper Locking
18490-17086
19682-17086
18490-17086
19682-17086
Moderate
18490-17086
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
1.0
2025-09-03T22:16:58
<p>Information published.</p>
2.0
2026-02-21T02:27:49
<p>Information published.</p>
net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21768
20613-17084
20725-17084
20823-17084
20925-17086
20956-17084
21094-17084
21332-17084
19683-17084
20412-17084
20553-17084
17087-17086
20788-17084
20860-17084
21093-17086
21248-17084
21308-17084
21344-17084
20613-17084
20725-17084
20823-17084
20925-17086
20956-17084
21094-17084
21332-17084
19683-17084
20412-17084
20553-17084
17087-17086
20788-17084
20860-17084
21093-17086
21248-17084
21308-17084
21344-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20925-17086
Moderate
20956-17084
Moderate
21094-17084
Moderate
21332-17084
19683-17084
Moderate
20412-17084
Moderate
20553-17084
Moderate
17087-17086
Moderate
20788-17084
Moderate
20860-17084
Moderate
21093-17086
Moderate
21248-17084
Moderate
21308-17084
Moderate
21344-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20613-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20725-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20956-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21094-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21332-17084
5.9
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20412-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20788-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21248-17084
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2025-12-07T01:47:16
<p>Information published.</p>
4.0
2026-01-20T14:41:47
<p>Information published.</p>
5.0
2026-02-19T01:44:37
<p>Information published.</p>
7.0
2026-03-04T14:40:51
<p>Information published.</p>
8.0
2026-03-31T14:58:43
<p>Information published.</p>
9.0
2026-04-29T14:48:04
<p>Information published.</p>
11.0
2026-05-11T01:41:34
<p>Information published.</p>
12.1
2026-05-22T01:41:49
<p>Information published.</p>
1.0
2025-09-03T22:19:50
<p>Information published.</p>
3.0
2026-01-08T14:46:15
<p>Information published.</p>
6.0
2026-03-03T14:42:56
<p>Information published.</p>
10.0
2026-05-06T14:42:40
<p>Information published.</p>
12.0
2026-05-17T14:42:46
<p>Information published.</p>
A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-57075
Uncontrolled Resource Consumption
19693-17084
19693-17084
Important
19693-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19693-17084
1.1
2026-02-19T01:09:23
<p>Information published.</p>
1.0
2025-09-03T22:21:42
<p>Information published.</p>
libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-57970
Buffer Over-read
20047-17086
19704-17086
19277-17084
17464-17084
20047-17086
19704-17086
19277-17084
17464-17084
Moderate
20047-17086
Moderate
19704-17086
Moderate
19277-17084
Moderate
17464-17084
4.0
4.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20047-17086
4.0
4.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19704-17086
4.0
4.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19277-17084
4.0
4.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17464-17084
1.0
2025-09-03T22:29:47
<p>Information published.</p>
1.1
2026-02-19T01:22:35
<p>Information published.</p>
vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-25183
Improper Validation of Integrity Check Value
19681-17086
19681-17086
Low
19681-17086
2.6
2.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
19681-17086
1.1
2026-02-19T01:09:34
<p>Information published.</p>
1.0
2025-09-03T22:24:23
<p>Information published.</p>
Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2025-22866
20166-17084
19785-17086
19990-17084
18444-17086
19747-17086
20166-17084
19785-17086
19990-17084
18444-17086
19747-17086
Important
20166-17084
Important
19785-17086
Important
19990-17084
Important
18444-17086
19747-17086
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20166-17084
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19785-17086
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19990-17084
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18444-17086
8.4
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19747-17086
CBL-Mariner Releases
20166-17084
No
Security Update
1.23.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20166-17084
CBL-Mariner Releases
1.0
2025-09-03T22:30:35
<p>Information published.</p>
2.0
2026-02-19T01:10:35
<p>Information published.</p>
udp: Deal with race between UDP socket address change and rehash
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57974
19683-17084
20412-17084
20613-17084
20725-17084
20860-17084
20956-17084
21094-17084
21093-17086
20553-17084
17087-17086
20788-17084
20823-17084
20925-17086
21248-17084
21308-17084
21332-17084
21344-17084
19683-17084
20412-17084
20613-17084
20725-17084
20860-17084
20956-17084
21094-17084
21093-17086
20553-17084
17087-17086
20788-17084
20823-17084
20925-17086
21248-17084
21308-17084
21332-17084
21344-17084
19683-17084
Moderate
20412-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
21093-17086
Moderate
20553-17084
Moderate
17087-17086
Moderate
20788-17084
Moderate
20823-17084
Moderate
20925-17086
Moderate
21248-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2025-09-03T22:31:39
<p>Information published.</p>
4.0
2026-01-20T14:42:30
<p>Information published.</p>
6.0
2026-03-03T14:38:52
<p>Information published.</p>
7.0
2026-03-04T14:41:18
<p>Information published.</p>
8.0
2026-03-31T15:00:46
<p>Information published.</p>
2.0
2025-12-07T01:47:49
<p>Information published.</p>
3.0
2026-01-08T14:46:46
<p>Information published.</p>
5.0
2026-02-19T01:45:12
<p>Information published.</p>
9.0
2026-04-30T01:43:29
<p>Information published.</p>
10.0
2026-05-06T14:43:18
<p>Information published.</p>
11.0
2026-05-11T01:42:11
<p>Information published.</p>
12.0
2026-05-17T14:43:23
<p>Information published.</p>
Default mimetype known files writeable on Windows
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
PSF
Yes
CVE-2024-3220
Untrusted Search Path
17667-17084
17604-17084
19681-17086
17667-17084
17604-17084
19681-17086
Low
17667-17084
Low
17604-17084
Low
19681-17086
1.0
2025-09-03T22:36:11
<p>Information published.</p>
1.1
2026-02-19T01:22:49
<p>Information published.</p>
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-57256
Integer Overflow or Wraparound
19662-17086
17093-17086
17459-17084
19662-17086
17093-17086
17459-17084
19662-17086
Important
17093-17086
Important
17459-17084
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
19662-17086
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
17093-17086
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
17459-17084
1.0
2025-09-03T22:38:00
<p>Information published.</p>
2.0
2026-02-18T03:09:07
<p>Information published.</p>
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57994
20553-17084
20613-17084
20725-17084
20823-17084
20860-17084
19683-17084
20412-17084
20788-17084
20553-17084
20613-17084
20725-17084
20823-17084
20860-17084
19683-17084
20412-17084
20788-17084
Moderate
20553-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20860-17084
19683-17084
Moderate
20412-17084
Moderate
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
1.0
2025-09-03T22:40:08
<p>Information published.</p>
2.0
2025-12-07T01:48:07
<p>Information published.</p>
3.0
2026-01-08T14:47:02
<p>Information published.</p>
4.0
2026-01-20T14:42:54
<p>Information published.</p>
6.0
2026-02-27T14:35:27
<p>Information published.</p>
5.0
2026-02-19T01:45:32
<p>Information published.</p>
GNU Binutils ld xmemdup.c xmemdup memory leak
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1151
Missing Release of Memory after Effective Lifetime
18315-17084
19634-17084
20219-17086
20100-17086
20203-17086
20414-17084
20525-17086
20524-17086
20567-17084
20568-17084
20569-17084
20599-17086
20600-17086
20598-17086
20618-17084
20688-17086
20787-17084
21253-17084
18844-17084
19818-17084
19718-17086
20376-17086
18447-17086
20936-17086
21200-17084
21201-17084
18315-17084
19634-17084
20219-17086
20100-17086
20203-17086
20414-17084
20525-17086
20524-17086
20567-17084
20568-17084
20569-17084
20599-17086
20600-17086
20598-17086
20618-17084
20688-17086
20787-17084
21253-17084
18844-17084
19818-17084
19718-17086
20376-17086
18447-17086
20936-17086
21200-17084
21201-17084
Low
18315-17084
Low
19634-17084
20219-17086
Low
20100-17086
Low
20203-17086
Low
20414-17084
Low
20525-17086
Low
20524-17086
Low
20567-17084
Low
20568-17084
Low
20569-17084
Low
20599-17086
Low
20600-17086
Low
20598-17086
Low
20618-17084
Low
20688-17086
Low
20787-17084
Low
21253-17084
Low
18844-17084
19818-17084
19718-17086
Low
20376-17086
Low
18447-17086
Low
20936-17086
Low
21200-17084
Low
21201-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
18315-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19634-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20219-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20100-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20203-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20414-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20525-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20524-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20567-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20568-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20569-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20599-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20600-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20598-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20618-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20688-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20787-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21253-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
18844-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19818-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19718-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20376-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
18447-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20936-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21200-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21201-17084
2.0
2025-12-06T14:35:22
<p>Information published.</p>
3.0
2026-01-08T14:36:21
<p>Information published.</p>
4.0
2026-03-03T14:37:56
<p>Information published.</p>
6.0
2026-04-30T14:37:10
<p>Information published.</p>
1.0
2025-09-03T23:00:30
<p>Information published.</p>
5.0
2026-04-14T14:37:42
<p>Information published.</p>
Grub2: grub-core/gettext: integer overflow leads to heap oob write.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-45777
Out-of-bounds Write
20107-17086
19588-17084
20521-17086
20560-17084
20107-17086
19588-17084
20521-17086
20560-17084
Moderate
20107-17086
Moderate
19588-17084
Moderate
20521-17086
Moderate
20560-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20107-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
19588-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20521-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20560-17084
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
1.0
2025-09-03T22:49:56
<p>Information published.</p>
Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-1118
Trust Boundary Violation
20107-17086
20521-17086
20560-17084
19588-17084
20107-17086
20521-17086
20560-17084
19588-17084
Moderate
20107-17086
Moderate
20521-17086
Moderate
20560-17084
Moderate
19588-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
20107-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
20521-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
20560-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
19588-17084
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
CBL-Mariner Releases
20560-17084
19588-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20560-17084
19588-17084
CBL-Mariner Releases
1.0
2025-09-03T22:53:33
<p>Information published.</p>
clk: mediatek: Fix memory leaks on probe
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49108
Missing Release of Memory after Effective Lifetime
19682-17086
18490-17086
19682-17086
18490-17086
19682-17086
Moderate
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
1.0
2025-09-03T22:53:13
<p>Information published.</p>
2.0
2026-02-18T02:20:04
<p>Information published.</p>
drm/sprd: fix potential NULL dereference
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49125
NULL Pointer Dereference
19682-17086
18490-17086
19682-17086
18490-17086
19682-17086
Moderate
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
1.0
2025-09-03T22:55:52
<p>Information published.</p>
2.0
2026-02-18T02:20:53
<p>Information published.</p>
Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-11831
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
19820-17086
19693-17084
19820-17086
19693-17084
Moderate
19820-17086
Moderate
19693-17084
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
19820-17086
5.4
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
19693-17084
1.0
2025-09-03T23:04:58
<p>Information published.</p>
1.1
2026-02-19T01:12:30
<p>Information published.</p>
net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49342
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-09-03T23:11:30
<p>Information published.</p>
2.0
2026-03-03T14:44:49
<p>Information published.</p>
3.0
2026-03-31T14:57:55
<p>Information published.</p>
Grub2: ufs: integer overflow may lead to heap based out-of-bounds write when handling symlinks
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-0677
Out-of-bounds Write
20107-17086
19588-17084
20521-17086
20560-17084
20107-17086
19588-17084
20521-17086
20560-17084
Moderate
20107-17086
Moderate
19588-17084
Moderate
20521-17086
Moderate
20560-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20107-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
19588-17084
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20521-17086
6.4
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
20560-17084
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
1.0
2025-09-03T23:13:01
<p>Information published.</p>
net: ravb: Fix missing rtnl lock in suspend/resume path
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21801
19683-17084
20412-17084
17087-17086
20613-17084
20725-17084
20788-17084
20823-17084
20925-17086
20956-17084
21094-17084
21093-17086
21248-17084
21308-17084
21332-17084
20553-17084
20860-17084
21344-17084
19683-17084
20412-17084
17087-17086
20613-17084
20725-17084
20788-17084
20823-17084
20925-17086
20956-17084
21094-17084
21093-17086
21248-17084
21308-17084
21332-17084
20553-17084
20860-17084
21344-17084
19683-17084
Moderate
20412-17084
Moderate
17087-17086
Moderate
20613-17084
Moderate
20725-17084
Moderate
20788-17084
Moderate
20823-17084
Moderate
20925-17086
Moderate
20956-17084
Moderate
21094-17084
Moderate
21093-17086
Moderate
21248-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
20553-17084
Moderate
20860-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
3.0
2026-01-08T14:48:02
<p>Information published.</p>
4.0
2026-01-20T14:44:07
<p>Information published.</p>
6.0
2026-03-03T14:46:48
<p>Information published.</p>
7.0
2026-03-04T14:41:59
<p>Information published.</p>
8.0
2026-03-31T15:04:39
<p>Information published.</p>
9.0
2026-04-29T14:49:55
<p>Information published.</p>
1.0
2025-09-03T23:13:25
<p>Information published.</p>
2.0
2025-12-07T01:49:36
<p>Information published.</p>
5.0
2026-02-19T01:46:28
<p>Information published.</p>
10.0
2026-05-06T14:44:22
<p>Information published.</p>
11.0
2026-05-11T01:43:14
<p>Information published.</p>
12.0
2026-05-17T14:44:25
<p>Information published.</p>
GNU Binutils ld xmalloc.c xstrdup memory leak
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1149
Missing Release of Memory after Effective Lifetime
18315-17084
18844-17084
20237-17084
19818-17084
19634-17084
20219-17086
20100-17086
19718-17086
20376-17086
20525-17086
20568-17084
20599-17086
20600-17086
20598-17086
20618-17084
20688-17086
20787-17084
21200-17084
21253-17084
20203-17086
20414-17084
18447-17086
20524-17086
20567-17084
20569-17084
20936-17086
21201-17084
18315-17084
18844-17084
20237-17084
19818-17084
19634-17084
20219-17086
20100-17086
19718-17086
20376-17086
20525-17086
20568-17084
20599-17086
20600-17086
20598-17086
20618-17084
20688-17086
20787-17084
21200-17084
21253-17084
20203-17086
20414-17084
18447-17086
20524-17086
20567-17084
20569-17084
20936-17086
21201-17084
Low
18315-17084
18844-17084
20237-17084
19818-17084
19634-17084
20219-17086
20100-17086
19718-17086
20376-17086
20525-17086
20568-17084
20599-17086
20600-17086
20598-17086
20618-17084
Low
20688-17086
20787-17084
21200-17084
21253-17084
20203-17086
20414-17084
Low
18447-17086
20524-17086
20567-17084
20569-17084
20936-17086
21201-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
18315-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
18844-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20237-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19818-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19634-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20219-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20100-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19718-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20376-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20525-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20568-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20599-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20600-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20598-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20618-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20688-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20787-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21200-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21253-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20203-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20414-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
18447-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20524-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20567-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20569-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20936-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21201-17084
1.0
2025-09-03T23:38:29
<p>Information published.</p>
2.0
2025-12-06T14:35:27
<p>Information published.</p>
4.0
2026-03-03T14:36:58
<p>Information published.</p>
6.0
2026-04-29T14:39:36
<p>Information published.</p>
3.0
2026-01-08T14:36:41
<p>Information published.</p>
5.0
2026-04-14T14:37:50
<p>Information published.</p>
Grub2: grub-core/gettext: integer overflow leads to heap oob write and read.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-45776
Out-of-bounds Write
20107-17086
19588-17084
20521-17086
20560-17084
20107-17086
19588-17084
20521-17086
20560-17084
Moderate
20107-17086
Moderate
19588-17084
Moderate
20521-17086
Moderate
20560-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20107-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
19588-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20521-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20560-17084
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
1.0
2025-09-03T23:26:40
<p>Information published.</p>
drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49303
Improper Locking
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-09-03T23:27:51
<p>Information published.</p>
2.0
2026-03-03T15:01:26
<p>Information published.</p>
3.0
2026-03-31T14:46:46
<p>Information published.</p>
btrfs: do proper folio cleanup when cow_file_range() failed
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57976
19683-17084
20553-17084
20613-17084
20725-17084
20823-17084
20860-17084
20956-17084
21094-17084
21093-17086
21332-17084
20412-17084
17087-17086
20788-17084
20925-17086
21248-17084
21308-17084
21344-17084
19683-17084
20553-17084
20613-17084
20725-17084
20823-17084
20860-17084
20956-17084
21094-17084
21093-17086
21332-17084
20412-17084
17087-17086
20788-17084
20925-17086
21248-17084
21308-17084
21344-17084
19683-17084
Moderate
20553-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
21093-17086
Moderate
21332-17084
Moderate
20412-17084
Moderate
17087-17086
Moderate
20788-17084
Moderate
20925-17086
Moderate
21248-17084
Moderate
21308-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2025-09-03T23:28:32
<p>Information published.</p>
2.0
2025-12-07T01:50:20
<p>Information published.</p>
3.0
2026-01-08T14:48:45
<p>Information published.</p>
4.0
2026-01-20T14:44:59
<p>Information published.</p>
6.0
2026-03-03T14:39:08
<p>Information published.</p>
7.0
2026-03-04T14:42:29
<p>Information published.</p>
8.0
2026-03-31T15:07:12
<p>Information published.</p>
12.1
2026-05-22T01:42:46
<p>Information published.</p>
5.0
2026-02-19T01:47:06
<p>Information published.</p>
9.0
2026-04-30T01:45:01
<p>Information published.</p>
10.0
2026-05-06T14:45:33
<p>Information published.</p>
11.0
2026-05-11T01:43:59
<p>Information published.</p>
12.0
2026-05-17T14:45:07
<p>Information published.</p>
rtw89: cfo: check mac_id to avoid out-of-bounds
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49471
Improper Validation of Array Index
19682-17086
18490-17086
19682-17086
18490-17086
19682-17086
Important
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
1.0
2025-09-03T23:34:41
<p>Information published.</p>
2.0
2026-02-18T14:48:40
<p>Information published.</p>
ice: always check VF VSI pointer values
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49516
NULL Pointer Dereference
19682-17086
18490-17086
19682-17086
18490-17086
19682-17086
Moderate
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
1.0
2025-09-03T23:37:34
<p>Information published.</p>
2.0
2026-02-18T14:49:06
<p>Information published.</p>
Grub2: commands/extcmd: missing check for failed allocation
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-45775
Unchecked Return Value
20107-17086
19588-17084
20560-17084
20521-17086
20107-17086
19588-17084
20560-17084
20521-17086
Moderate
20107-17086
Moderate
19588-17084
Moderate
20560-17084
Moderate
20521-17086
5.2
5.2
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
20107-17086
5.2
5.2
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
19588-17084
5.2
5.2
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
20560-17084
5.2
5.2
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
20521-17086
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
1.0
2025-09-03T23:39:00
<p>Information published.</p>
Grub2: reader/jpeg: heap oob write during jpeg parsing
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-45774
Out-of-bounds Write
20107-17086
19588-17084
20521-17086
20560-17084
20107-17086
19588-17084
20521-17086
20560-17084
Moderate
20107-17086
Moderate
19588-17084
Moderate
20521-17086
Moderate
20560-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20107-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
19588-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20521-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20560-17084
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
1.0
2025-09-03T23:43:28
<p>Information published.</p>
ceph: fix possible deadlock when holding Fwb to get inline_data
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49296
Improper Locking
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-09-03T23:43:53
<p>Information published.</p>
2.0
2026-03-03T15:02:52
<p>Information published.</p>
3.0
2026-03-31T14:48:40
<p>Information published.</p>
hwrng: cavium - fix NULL but dereferenced coccicheck error
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49177
NULL Pointer Dereference
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.0
2026-03-03T14:46:47
<p>Information published.</p>
3.0
2026-03-31T15:01:09
<p>Information published.</p>
1.0
2025-09-03T23:45:45
<p>Information published.</p>
GNU Binutils ld libbfd.c bfd_putl64 memory corruption
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1179
Improper Restriction of Operations within the Bounds of a Memory Buffer
19818-17084
20203-17086
19818-17084
20203-17086
Moderate
19818-17084
Moderate
20203-17086
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19818-17084
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
20203-17086
1.0
2025-09-03T23:48:55
<p>Information published.</p>
1.1
2026-02-19T01:14:20
<p>Information published.</p>
GNU Binutils nm nm.c internal_strlen buffer overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1147
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
20525-17086
20618-17084
20936-17086
19634-17084
20219-17086
20376-17086
20568-17084
20599-17086
21200-17084
20525-17086
20618-17084
20936-17086
19634-17084
20219-17086
20376-17086
20568-17084
20599-17086
21200-17084
Low
20525-17086
Low
20618-17084
Low
20936-17086
Low
19634-17084
20219-17086
Low
20376-17086
Low
20568-17084
Low
20599-17086
Low
21200-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20525-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20618-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20936-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19634-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20219-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20376-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20568-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20599-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21200-17084
CBL-Mariner Releases
20618-17084
21200-17084
No
Security Update
2.41-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20618-17084
21200-17084
CBL-Mariner Releases
CBL-Mariner Releases
20936-17086
20599-17086
No
Security Update
2.37-20
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20936-17086
20599-17086
CBL-Mariner Releases
1.0
2025-09-03T23:53:15
<p>Information published.</p>
4.0
2026-04-14T01:37:25
<p>Information published.</p>
2.0
2026-02-19T01:14:35
<p>Information published.</p>
3.0
2026-03-03T14:37:19
<p>Information published.</p>
5.0
2026-04-14T14:37:57
<p>Information published.</p>
Grub2: fs/hfs+: refcount can be decremented twice
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-45783
Improper Update of Reference Count
19588-17084
20521-17086
20107-17086
20560-17084
19588-17084
20521-17086
20107-17086
20560-17084
Moderate
19588-17084
Moderate
20521-17086
Moderate
20107-17086
Moderate
20560-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
19588-17084
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20521-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20107-17086
4.4
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
20560-17084
CBL-Mariner Releases
19588-17084
20560-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
20560-17084
CBL-Mariner Releases
CBL-Mariner Releases
20521-17086
20107-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20521-17086
20107-17086
CBL-Mariner Releases
1.0
2025-09-03T23:53:10
<p>Information published.</p>
loop: implement ->free_disk
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49531
Improper Locking
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
2.0
2026-03-03T14:47:24
<p>Information published.</p>
3.0
2026-03-31T15:01:52
<p>Information published.</p>
1.0
2025-09-03T23:52:36
<p>Information published.</p>
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57999
20553-17084
19683-17084
20412-17084
17087-17086
20553-17084
19683-17084
20412-17084
17087-17086
Moderate
20553-17084
19683-17084
Moderate
20412-17084
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-09-03T23:54:29
<p>Information published.</p>
DNSSEC validation may accept broken authentication chains
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-25188
Insufficient Verification of Data Authenticity
20265-17084
20265-17084
Moderate
20265-17084
1.1
2026-02-19T01:14:43
<p>Information published.</p>
1.0
2025-09-03T23:56:45
<p>Information published.</p>
Grub2: fs/ufs: oob write in the heap
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-45781
Out-of-bounds Write
20107-17086
20521-17086
20560-17084
19588-17084
20107-17086
20521-17086
20560-17084
19588-17084
Moderate
20107-17086
Moderate
20521-17086
Moderate
20560-17084
Moderate
19588-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20107-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20521-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
20560-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
19588-17084
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
CBL-Mariner Releases
20560-17084
19588-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20560-17084
19588-17084
CBL-Mariner Releases
1.0
2025-09-04T00:05:26
<p>Information published.</p>
media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49496
Improper Locking
19682-17086
18490-17086
19682-17086
18490-17086
19682-17086
Moderate
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
1.0
2025-09-04T00:07:01
<p>Information published.</p>
2.0
2026-02-18T14:52:39
<p>Information published.</p>
drm/amd/display: Initialize denominator defaults to 1
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57950
Divide By Zero
18490-17086
19682-17086
19529-17084
18490-17086
19682-17086
19529-17084
Moderate
18490-17086
19682-17086
Moderate
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
1.0
2025-09-04T00:17:33
<p>Information published.</p>
2.0
2026-02-21T02:48:25
<p>Information published.</p>
RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21732
20412-17084
20553-17084
20613-17084
20725-17084
20823-17084
20860-17084
20925-17086
21094-17084
21093-17086
19683-17084
17087-17086
20788-17084
20956-17084
21248-17084
21308-17084
21332-17084
21344-17084
20412-17084
20553-17084
20613-17084
20725-17084
20823-17084
20860-17084
20925-17086
21094-17084
21093-17086
19683-17084
17087-17086
20788-17084
20956-17084
21248-17084
21308-17084
21332-17084
21344-17084
Moderate
20412-17084
Moderate
20553-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20925-17086
Moderate
21094-17084
Moderate
21093-17086
19683-17084
Moderate
17087-17086
Moderate
20788-17084
Moderate
20956-17084
Moderate
21248-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
4.7
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2025-09-04T00:16:07
<p>Information published.</p>
3.0
2026-01-08T14:49:27
<p>Information published.</p>
4.0
2026-01-20T14:45:51
<p>Information published.</p>
6.0
2026-03-03T14:41:46
<p>Information published.</p>
7.0
2026-03-04T14:42:51
<p>Information published.</p>
8.0
2026-03-31T15:09:16
<p>Information published.</p>
11.0
2026-05-11T01:44:33
<p>Information published.</p>
2.0
2025-12-07T01:35:51
<p>Information published.</p>
5.0
2026-02-19T01:47:48
<p>Information published.</p>
9.0
2026-04-29T14:51:26
<p>Information published.</p>
10.0
2026-05-06T14:46:09
<p>Information published.</p>
12.0
2026-05-17T14:45:42
<p>Information published.</p>
GNU Binutils ld libbfd.c bfd_malloc memory leak
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1150
Missing Release of Memory after Effective Lifetime
19634-17084
20414-17084
20524-17086
20568-17084
20599-17086
20618-17084
20936-17086
19818-17084
20203-17086
20219-17086
20376-17086
20525-17086
20569-17084
20598-17086
21201-17084
21200-17084
19634-17084
20414-17084
20524-17086
20568-17084
20599-17086
20618-17084
20936-17086
19818-17084
20203-17086
20219-17086
20376-17086
20525-17086
20569-17084
20598-17086
21201-17084
21200-17084
Low
19634-17084
Low
20414-17084
Low
20524-17086
Low
20568-17084
Low
20599-17086
Low
20618-17084
Low
20936-17086
19818-17084
Low
20203-17086
20219-17086
Low
20376-17086
Low
20525-17086
Low
20569-17084
Low
20598-17086
Low
21201-17084
Low
21200-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19634-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20414-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20524-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20568-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20599-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20618-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20936-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19818-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20203-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20219-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20376-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20525-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20569-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20598-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21201-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21200-17084
1.0
2025-09-04T00:22:55
<p>Information published.</p>
2.0
2026-03-03T14:38:30
<p>Information published.</p>
3.0
2026-04-14T14:38:04
<p>Information published.</p>
GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1180
Improper Restriction of Operations within the Bounds of a Memory Buffer
20203-17086
20219-17086
20376-17086
20414-17084
20525-17086
20569-17084
20598-17086
20599-17086
20618-17084
20936-17086
21200-17084
18844-17084
19818-17084
19634-17084
20100-17086
20524-17086
20568-17084
21201-17084
20203-17086
20219-17086
20376-17086
20414-17084
20525-17086
20569-17084
20598-17086
20599-17086
20618-17084
20936-17086
21200-17084
18844-17084
19818-17084
19634-17084
20100-17086
20524-17086
20568-17084
21201-17084
Low
20203-17086
20219-17086
Low
20376-17086
Low
20414-17084
Low
20525-17086
Low
20569-17084
Low
20598-17086
Low
20599-17086
Low
20618-17084
Low
20936-17086
Low
21200-17084
Low
18844-17084
19818-17084
Low
19634-17084
Low
20100-17086
Low
20524-17086
Low
20568-17084
Low
21201-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20203-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20219-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20376-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20414-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20525-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20569-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20598-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20599-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20618-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20936-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21200-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
18844-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19818-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19634-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20100-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20524-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20568-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21201-17084
CBL-Mariner Releases
18844-17084
No
Security Update
8.0.4-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18844-17084
CBL-Mariner Releases
CBL-Mariner Releases
20100-17086
No
Security Update
8.0.1-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20100-17086
CBL-Mariner Releases
1.0
2025-09-04T00:39:36
<p>Information published.</p>
2.0
2026-03-03T14:38:14
<p>Information published.</p>
3.0
2026-04-14T14:38:13
<p>Information published.</p>
mt76: mt7921: fix kernel crash at mt7921_pci_remove
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49476
NULL Pointer Dereference
19682-17086
18490-17086
19682-17086
18490-17086
19682-17086
Moderate
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
2.0
2026-02-18T14:55:49
<p>Information published.</p>
1.0
2025-09-04T00:34:18
<p>Information published.</p>
GNU elfutils eu-read readelf.c handle_dynamic_symtab null pointer dereference
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1371
NULL Pointer Dereference
19273-17084
19273-17084
Moderate
19273-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19273-17084
1.0
2025-09-04T00:37:33
<p>Information published.</p>
1.1
2026-02-21T02:54:27
<p>Information published.</p>
drm/dp: Fix OOB read when handling Post Cursor2 register
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49218
Out-of-bounds Read
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Important
20925-17086
Important
21093-17086
Important
17087-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20925-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
21093-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17087-17086
1.0
2025-09-04T01:25:00
<p>Information published.</p>
2.0
2026-03-03T14:49:09
<p>Information published.</p>
3.0
2026-03-31T15:05:31
<p>Information published.</p>
GNU Binutils ld ldelfgen.c link_order_scan memory leak
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1148
Missing Release of Memory after Effective Lifetime
19634-17084
20525-17086
20599-17086
20618-17084
20219-17086
20376-17086
20568-17084
20936-17086
21200-17084
19634-17084
20525-17086
20599-17086
20618-17084
20219-17086
20376-17086
20568-17084
20936-17086
21200-17084
Low
19634-17084
Low
20525-17086
Low
20599-17086
Low
20618-17084
20219-17086
Low
20376-17086
Low
20568-17084
Low
20936-17086
Low
21200-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19634-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20525-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20599-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20618-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20219-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20376-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20568-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20936-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21200-17084
CBL-Mariner Releases
20599-17086
20936-17086
No
Security Update
2.37-20
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20599-17086
20936-17086
CBL-Mariner Releases
CBL-Mariner Releases
20618-17084
21200-17084
No
Security Update
2.41-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20618-17084
21200-17084
CBL-Mariner Releases
3.0
2026-03-03T14:38:49
<p>Information published.</p>
5.0
2026-04-14T14:38:18
<p>Information published.</p>
1.0
2025-09-04T01:47:42
<p>Information published.</p>
2.0
2026-02-19T01:20:21
<p>Information published.</p>
4.0
2026-04-14T01:37:32
<p>Information published.</p>
Grub2: read: integer overflow may lead to out-of-bounds write
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-0690
Out-of-bounds Write
20107-17086
20521-17086
20560-17084
19588-17084
20107-17086
20521-17086
20560-17084
19588-17084
Moderate
20107-17086
Moderate
20521-17086
Moderate
20560-17084
Moderate
19588-17084
6.1
6.1
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
20107-17086
6.1
6.1
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
20521-17086
6.1
6.1
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
20560-17084
6.1
6.1
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
19588-17084
CBL-Mariner Releases
20107-17086
20521-17086
No
Security Update
2.06-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20107-17086
20521-17086
CBL-Mariner Releases
CBL-Mariner Releases
20560-17084
19588-17084
No
Security Update
2.06-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20560-17084
19588-17084
CBL-Mariner Releases
1.0
2025-09-04T01:55:00
<p>Information published.</p>
workqueue: Put the pwq after detaching the rescuer from the pool
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21786
Use After Free
20553-17084
20613-17084
20725-17084
20860-17084
20925-17086
21093-17086
21094-17084
21308-17084
17087-17086
19683-17084
20412-17084
20788-17084
20823-17084
20956-17084
21248-17084
21332-17084
21344-17084
20553-17084
20613-17084
20725-17084
20860-17084
20925-17086
21093-17086
21094-17084
21308-17084
17087-17086
19683-17084
20412-17084
20788-17084
20823-17084
20956-17084
21248-17084
21332-17084
21344-17084
Important
20553-17084
Important
20613-17084
Important
20725-17084
Important
20860-17084
Important
20925-17086
Important
21093-17086
Important
21094-17084
Important
21308-17084
Important
17087-17086
19683-17084
Important
20412-17084
Important
20788-17084
Important
20823-17084
Important
20956-17084
Important
21248-17084
Important
21332-17084
Moderate
21344-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20553-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20613-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20725-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20860-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21094-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19683-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20412-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20956-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
1.0
2025-09-04T02:25:22
<p>Information published.</p>
3.0
2026-01-08T14:39:41
<p>Information published.</p>
4.0
2026-01-20T14:37:25
<p>Information published.</p>
5.0
2026-02-18T15:05:43
<p>Information published.</p>
6.0
2026-03-03T14:49:25
<p>Information published.</p>
9.0
2026-04-29T14:42:05
<p>Information published.</p>
10.0
2026-05-06T14:38:32
<p>Information published.</p>
12.1
2026-05-22T01:40:00
<p>Information published.</p>
2.0
2025-12-07T01:40:16
<p>Information published.</p>
7.0
2026-03-04T14:37:04
<p>Information published.</p>
8.0
2026-03-31T15:06:09
<p>Information published.</p>
11.0
2026-05-11T01:38:56
<p>Information published.</p>
12.0
2026-05-17T14:39:45
<p>Information published.</p>
An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-57254
Integer Overflow or Wraparound
17459-17084
19662-17086
17093-17086
17459-17084
19662-17086
17093-17086
Important
17459-17084
19662-17086
Important
17093-17086
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
17459-17084
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
19662-17086
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
17093-17086
1.0
2025-09-04T03:04:13
<p>Information published.</p>
2.0
2026-02-18T02:43:20
<p>Information published.</p>
srcu: Tighten cleanup_srcu_struct() GP checks
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49651
Use After Free
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Important
17087-17086
Important
20925-17086
Important
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
2.0
2026-03-03T14:51:15
<p>Information published.</p>
1.0
2025-09-04T03:37:05
<p>Information published.</p>
3.0
2026-03-31T15:08:07
<p>Information published.</p>
mm: zswap: properly synchronize freeing resources during CPU hotunplug
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21693
Use After Free
19683-17084
20412-17084
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
20956-17084
21093-17086
21094-17084
21248-17084
21308-17084
21332-17084
17087-17086
20553-17084
20925-17086
21344-17084
19683-17084
20412-17084
20613-17084
20725-17084
20788-17084
20823-17084
20860-17084
20956-17084
21093-17086
21094-17084
21248-17084
21308-17084
21332-17084
17087-17086
20553-17084
20925-17086
21344-17084
19683-17084
Important
20412-17084
Important
20613-17084
Important
20725-17084
Important
20788-17084
Important
20823-17084
Important
20860-17084
Important
20956-17084
Important
21093-17086
Important
21094-17084
Important
21248-17084
Important
21308-17084
Important
21332-17084
Important
17087-17086
Important
20553-17084
Important
20925-17086
Moderate
21344-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19683-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20412-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20613-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20725-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20860-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20956-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21094-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20553-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2025-12-07T01:41:09
<p>Information published.</p>
4.0
2026-01-20T14:38:07
<p>Information published.</p>
5.0
2026-02-18T15:11:10
<p>Information published.</p>
6.0
2026-03-03T14:52:29
<p>Information published.</p>
9.0
2026-04-29T14:43:00
<p>Information published.</p>
10.0
2026-05-06T14:39:05
<p>Information published.</p>
11.0
2026-05-11T01:39:23
<p>Information published.</p>
12.1
2026-05-22T01:40:27
<p>Information published.</p>
1.0
2025-09-04T04:03:26
<p>Information published.</p>
3.0
2026-01-08T14:40:44
<p>Information published.</p>
7.0
2026-03-04T14:37:43
<p>Information published.</p>
8.0
2026-03-31T15:09:52
<p>Information published.</p>
12.0
2026-05-17T14:40:15
<p>Information published.</p>
blk-throttle: Set BIO_THROTTLED when bio has been throttled
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49465
Use After Free
17087-17086
17087-17086
Important
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
CBL-Mariner Releases
17087-17086
No
Security Update
5.15.200.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17087-17086
CBL-Mariner Releases
1.0
2025-09-04T04:15:17
<p>Information published.</p>
2.0
2026-02-24T14:35:11
<p>Information published.</p>
ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49063
Use After Free
19682-17086
18490-17086
19682-17086
18490-17086
19682-17086
Important
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
1.0
2025-09-04T04:20:29
<p>Information published.</p>
2.0
2026-02-18T15:11:58
<p>Information published.</p>
A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-57257
Uncontrolled Recursion
19662-17086
17093-17086
17459-17084
19662-17086
17093-17086
17459-17084
19662-17086
Low
17093-17086
Low
17459-17084
2.0
2.0
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
19662-17086
2.0
2.0
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
17093-17086
2.0
2.0
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
17459-17084
1.0
2025-09-04T04:59:51
<p>Information published.</p>
2.0
2026-02-18T02:57:22
<p>Information published.</p>
drm/amd/pm: fix a potential gpu_metrics_table memory leak
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2021-47658
Missing Release of Memory after Effective Lifetime
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-09-25T01:01:19
<p>Information published.</p>
2.0
2026-03-03T14:45:31
<p>Information published.</p>
3.0
2026-03-31T15:07:39
<p>Information published.</p>
Bluetooth: hci_event: Ignore multiple conn complete events
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49138
NULL Pointer Dereference
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.7
5.7
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.7
5.7
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.7
5.7
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-09-25T01:01:24
<p>Information published.</p>
2.0
2026-03-03T14:45:49
<p>Information published.</p>
3.0
2026-03-31T15:08:01
<p>Information published.</p>
ASoC: mediatek: Fix error handling in mt8183_da7219_max98357_dev_probe
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49161
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-09-25T01:01:29
<p>Information published.</p>
parisc: Fix non-access data TLB cache flush faults
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49172
17087-17086
17087-17086
Important
17087-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
17087-17086
1.0
2025-09-25T01:01:35
<p>Information published.</p>
memstick/mspro_block: fix handling of read-only devices
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49178
Missing Release of Memory after Effective Lifetime
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
20925-17086
Moderate
17087-17086
Moderate
21093-17086
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
1.0
2025-09-25T01:01:40
<p>Information published.</p>
2.0
2026-03-03T14:46:06
<p>Information published.</p>
3.0
2026-03-31T15:08:25
<p>Information published.</p>
drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49069
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-10-16T01:01:15
<p>Information published.</p>
mmc: core: use sysfs_emit() instead of sprintf()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49267
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
17087-17086
20925-17086
17087-17086
20925-17086
Moderate
17087-17086
Moderate
20925-17086
6.6
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U
17087-17086
6.6
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U
20925-17086
2.0
2026-03-03T14:35:48
<p>Information published.</p>
1.0
2025-10-22T01:01:58
<p>Information published.</p>
usb: dwc3: host: Stop setting the ACPI companion
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49306
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
Moderate
21093-17086
Moderate
17087-17086
Moderate
20925-17086
4.4
4.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U
21093-17086
4.4
4.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U
17087-17086
4.4
4.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U
20925-17086
3.0
2026-03-31T14:44:15
<p>Information published.</p>
1.0
2025-10-22T01:02:03
<p>Information published.</p>
2.0
2026-03-03T14:36:05
<p>Information published.</p>
net: annotate races around sk->sk_bound_dev_if
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49420
20925-17086
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
Moderate
20925-17086
Moderate
17087-17086
Moderate
21093-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20925-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21093-17086
2.0
2026-03-03T14:36:47
<p>Information published.</p>
3.0
2026-03-31T14:45:03
<p>Information published.</p>
1.0
2025-10-22T01:02:14
<p>Information published.</p>
media: i2c: dw9714: Disable the regulator when the driver fails to probe
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49528
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-10-22T01:02:25
<p>Information published.</p>
ath11k: Change max no of active probe SSID and BSSID to fw capability
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49533
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-10-22T01:02:31
<p>Information published.</p>
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21712
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
3.0
2026-03-31T14:48:16
<p>Information published.</p>
1.0
2025-10-25T01:02:06
<p>Information published.</p>
2.0
2026-03-03T14:39:44
<p>Information published.</p>
filemap: Handle sibling entries in filemap_get_read_batch()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49699
NULL Pointer Dereference
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
20925-17086
Moderate
17087-17086
Moderate
21093-17086
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
1.0
2025-10-26T01:01:19
<p>Information published.</p>
2.0
2026-03-03T14:40:21
<p>Information published.</p>
3.0
2026-03-31T14:48:39
<p>Information published.</p>
wifi: brcmfmac: Check the return value of of_property_read_string_index()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21750
NULL Pointer Dereference
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
3.0
2026-03-31T14:53:25
<p>Information published.</p>
1.0
2025-10-30T01:01:57
<p>Information published.</p>
2.0
2026-03-03T14:42:38
<p>Information published.</p>
wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21729
19529-17084
19529-17084
Moderate
19529-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
19529-17084
1.0
2025-09-03T19:35:56
<p>Information published.</p>
1.1
2026-02-18T01:05:43
<p>Information published.</p>
Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/.
This vulnerability can be exploited when users rely on the URL function for host checking.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
snyk
Yes
CVE-2025-1211
Server-Side Request Forgery (SSRF)
19983-17086
19983-17086
Moderate
19983-17086
1.0
2025-09-04T01:58:16
<p>Information published.</p>
2.0
2026-02-18T15:03:54
<p>Information published.</p>
xfrm: state: fix out-of-bounds read during lookup
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57982
Out-of-bounds Read
17087-17086
19683-17084
20412-17084
20613-17084
20823-17084
20860-17084
20925-17086
21093-17086
20553-17084
20725-17084
20788-17084
17087-17086
19683-17084
20412-17084
20613-17084
20823-17084
20860-17084
20925-17086
21093-17086
20553-17084
20725-17084
20788-17084
Important
17087-17086
19683-17084
Important
20412-17084
Important
20613-17084
Important
20823-17084
Important
20860-17084
Important
20925-17086
Important
21093-17086
Important
20553-17084
Important
20725-17084
Important
20788-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17087-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
19683-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20412-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20613-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20823-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20860-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20925-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
21093-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20553-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20725-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
20788-17084
3.0
2026-01-08T14:38:06
<p>Information published.</p>
5.0
2026-02-21T02:56:00
<p>Information published.</p>
6.0
2026-03-03T14:43:43
<p>Information published.</p>
1.0
2025-09-03T21:11:07
<p>Information published.</p>
2.0
2025-12-07T01:39:21
<p>Information published.</p>
4.0
2026-01-20T14:36:43
<p>Information published.</p>
7.0
2026-03-31T14:56:09
<p>Information published.</p>
Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58013
Use After Free
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.0
2026-03-03T14:53:55
<p>Information published.</p>
1.0
2025-09-03T19:43:35
<p>Information published.</p>
3.0
2026-03-31T15:11:49
<p>Information published.</p>
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.
This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
hackerone
Yes
CVE-2025-23085
Missing Release of Memory after Effective Lifetime
19608-17084
17280-16823
17696-17084
19873-17086
19608-17084
17280-16823
17696-17084
19873-17086
Moderate
19608-17084
Moderate
17280-16823
Moderate
17696-17084
Moderate
19873-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19608-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17280-16823
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17696-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
19873-17086
CBL-Mariner Releases
19608-17084
17696-17084
No
Security Update
20.14.0-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19608-17084
17696-17084
CBL-Mariner Releases
CBL-Mariner Releases
17280-16823
19873-17086
No
Security Update
18.20.3-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17280-16823
19873-17086
CBL-Mariner Releases
2.1
2026-02-19T01:08:37
<p>Information published.</p>
1.0
2025-02-14T00:00:00
<p>Information published.</p>
2.0
2025-02-20T00:00:00
<p>Information published.</p>
btrfs: do not clean up repair bio if submit fails
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49168
Use After Free
19682-17086
18490-17086
19682-17086
18490-17086
19682-17086
Important
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-09-03T20:00:28
<p>Information published.</p>
2.0
2026-02-18T01:17:36
<p>Information published.</p>
macsec: fix UAF bug for real_dev
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49390
Use After Free
19682-17086
18490-17086
19682-17086
18490-17086
19682-17086
Important
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
1.0
2025-09-03T19:56:21
<p>Information published.</p>
2.0
2026-02-18T01:14:55
<p>Information published.</p>
memcg: fix soft lockup in the OOM process
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57977
17103-16823
17465-17084
19682-17086
19529-17084
18490-17086
17103-16823
17465-17084
19682-17086
19529-17084
18490-17086
Moderate
17103-16823
Moderate
17465-17084
19682-17086
19529-17084
18490-17086
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17465-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
19529-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
19529-17084
CBL-Mariner Releases
2.0
2026-02-18T01:50:47
<p>Information published.</p>
1.0
2025-09-03T21:30:48
<p>Information published.</p>
drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-52559
Integer Overflow or Wraparound
17465-17084
20925-17086
21093-17086
17087-17086
19529-17084
17465-17084
20925-17086
21093-17086
17087-17086
19529-17084
Moderate
17465-17084
20925-17086
21093-17086
17087-17086
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17465-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
CBL-Mariner Releases
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17465-17084
CBL-Mariner Releases
CBL-Mariner Releases
19529-17084
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19529-17084
CBL-Mariner Releases
2.0
2026-03-03T14:43:26
<p>Information published.</p>
3.0
2026-03-31T14:55:45
<p>Information published.</p>
1.0
2025-09-03T21:03:12
<p>Information published.</p>
A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
kubernetes
Yes
CVE-2025-0426
Uncontrolled Resource Consumption
17517-17084
19253-17084
17517-17084
19253-17084
Moderate
17517-17084
Moderate
19253-17084
6.2
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17517-17084
6.2
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19253-17084
CBL-Mariner Releases
17517-17084
19253-17084
No
Security Update
1.30.10-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17517-17084
19253-17084
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
1.1
2026-02-19T01:17:23
<p>Information published.</p>
eventfd double close
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
curl
Yes
CVE-2025-0665
Multiple Releases of Same Resource or Handle
19852-17086
19686-17084
19671-17084
21119-17084
21021-17084
19252-17084
17539-17084
17153-17086
19852-17086
19686-17084
19671-17084
21119-17084
21021-17084
19252-17084
17539-17084
17153-17086
19852-17086
Critical
19686-17084
Critical
19671-17084
Important
21119-17084
Important
21021-17084
Low
19252-17084
Critical
17539-17084
Critical
17153-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19852-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19686-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19671-17084
7.0
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
21119-17084
7.0
7.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
21021-17084
3.7
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
19252-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17539-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17153-17086
CBL-Mariner Releases
19252-17084
No
Security Update
8.11.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19252-17084
CBL-Mariner Releases
1.0
2025-03-13T00:00:00
<p>Information published.</p>
2.0
2025-03-18T00:00:00
<p>Information published.</p>
4.0
2026-02-19T01:15:29
<p>Information published.</p>
5.0
2026-05-19T01:01:31
<p>Information published.</p>
3.0
2025-07-11T00:00:00
<p>Added mysql to CBL-Mariner 2.0
Added mysql to Azure Linux 3.0
Added curl to Azure Linux 3.0</p>
PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
PostgreSQL
Yes
CVE-2025-1094
Improper Neutralization of Quoting Syntax
20304-17084
19261-16823
19262-17084
20306-17086
17174-17086
20304-17084
19261-16823
19262-17084
20306-17086
17174-17086
Important
20304-17084
Important
19261-16823
Important
19262-17084
20306-17086
Important
17174-17086
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
20304-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
19261-16823
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
19262-17084
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
20306-17086
8.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
17174-17086
CBL-Mariner Releases
20304-17084
19262-17084
No
Security Update
16.7-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20304-17084
19262-17084
CBL-Mariner Releases
CBL-Mariner Releases
19261-16823
20306-17086
17174-17086
No
Security Update
14.16-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19261-16823
20306-17086
17174-17086
CBL-Mariner Releases
1.0
2025-02-20T00:00:00
<p>Information published.</p>
2.0
2025-02-21T00:00:00
<p>Information published.</p>
3.0
2026-02-19T01:18:50
<p>Information published.</p>
GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1181
Improper Restriction of Operations within the Bounds of a Memory Buffer
19280-17084
19263-16823
19265-17084
19760-17086
20203-17086
19280-17084
19263-16823
19265-17084
19760-17086
20203-17086
Low
19280-17084
Low
19263-16823
Low
19265-17084
Low
19760-17086
Low
20203-17086
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19280-17084
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19263-16823
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19265-17084
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19760-17086
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
20203-17086
CBL-Mariner Releases
19280-17084
19265-17084
No
Security Update
2.41-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19280-17084
19265-17084
CBL-Mariner Releases
CBL-Mariner Releases
19263-16823
19760-17086
No
Security Update
2.37-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19263-16823
19760-17086
CBL-Mariner Releases
1.0
2025-02-17T00:00:00
<p>Information published.</p>
2.0
2025-02-26T00:00:00
<p>Information published.</p>
5.0
2025-03-02T00:00:00
<p>Information published.</p>
6.0
2025-03-03T00:00:00
<p>Information published.</p>
1.0
2025-03-08T00:00:00
<p>Information published.</p>
1.1
2025-03-09T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0</p>
1.3
2025-03-11T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0</p>
1.4
2025-03-12T00:00:00
<p>Added binutils to CBL-Mariner 2.0
Added binutils to Azure Linux 3.0</p>
9.1
2026-02-19T01:11:39
<p>Information published.</p>
3.0
2025-02-28T00:00:00
<p>Information published.</p>
4.0
2025-03-01T00:00:00
<p>Information published.</p>
7.0
2025-03-04T00:00:00
<p>Information published.</p>
8.0
2025-03-05T00:00:00
<p>Information published.</p>
9.0
2025-03-06T00:00:00
<p>Information published.</p>
1.2
2025-03-10T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0</p>
GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1182
Improper Restriction of Operations within the Bounds of a Memory Buffer
19280-17084
20203-17086
19263-16823
19264-16823
19265-17084
19760-17086
19280-17084
20203-17086
19263-16823
19264-16823
19265-17084
19760-17086
Moderate
19280-17084
Moderate
20203-17086
Moderate
19263-16823
Moderate
19264-16823
Moderate
19265-17084
Moderate
19760-17086
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19280-17084
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
20203-17086
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19263-16823
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19264-16823
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19265-17084
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19760-17086
CBL-Mariner Releases
19280-17084
19265-17084
No
Security Update
2.41-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19280-17084
19265-17084
CBL-Mariner Releases
CBL-Mariner Releases
20203-17086
19264-16823
No
Security Update
11.2-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20203-17086
19264-16823
CBL-Mariner Releases
CBL-Mariner Releases
19263-16823
19760-17086
No
Security Update
2.37-12
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19263-16823
19760-17086
CBL-Mariner Releases
1.0
2025-02-17T00:00:00
<p>Information published.</p>
2.0
2025-02-26T00:00:00
<p>Information published.</p>
3.0
2025-02-28T00:00:00
<p>Information published.</p>
6.0
2025-03-03T00:00:00
<p>Information published.</p>
8.0
2025-03-05T00:00:00
<p>Information published.</p>
9.0
2025-03-06T00:00:00
<p>Information published.</p>
1.2
2025-03-10T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0</p>
1.5
2025-03-19T00:00:00
<p>Added gdb to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added binutils to Azure Linux 3.0</p>
4.0
2025-03-01T00:00:00
<p>Information published.</p>
5.0
2025-03-02T00:00:00
<p>Information published.</p>
7.0
2025-03-04T00:00:00
<p>Information published.</p>
1.0
2025-03-08T00:00:00
<p>Information published.</p>
1.1
2025-03-09T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0</p>
1.3
2025-03-11T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0</p>
1.4
2025-03-12T00:00:00
<p>Added binutils to CBL-Mariner 2.0
Added binutils to Azure Linux 3.0</p>
9.1
2026-02-19T01:15:03
<p>Information published.</p>
GNU elfutils eu-readelf readelf.c print_string_section buffer overflow
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1372
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
19273-17084
19273-17084
Moderate
19273-17084
5.3
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
19273-17084
CBL-Mariner Releases
19273-17084
No
Security Update
0.189-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19273-17084
CBL-Mariner Releases
1.0
2025-04-19T00:00:00
<p>Information published.</p>
GNU elfutils eu-strip elf_strptr.c elf_strptr denial of service
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1376
Improper Resource Shutdown or Release
19273-17084
19273-17084
Low
19273-17084
2.5
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
19273-17084
CBL-Mariner Releases
19273-17084
No
Security Update
0.189-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19273-17084
CBL-Mariner Releases
1.0
2025-04-19T00:00:00
<p>Information published.</p>
libarchive bsdunzip.c list null pointer dereference
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1632
NULL Pointer Dereference
19277-17084
19277-17084
Low
19277-17084
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
19277-17084
CBL-Mariner Releases
19277-17084
No
Security Update
3.7.7-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19277-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
Out-of-bounds Write in radare2
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GovTech CSG
Yes
CVE-2025-1744
Out-of-bounds Write
19842-17084
19671-17084
19746-17084
19818-17084
19814-17086
20354-17086
20355-17086
19712-17086
19847-17084
19752-17086
18315-17084
19737-17086
20203-17086
19889-17086
20356-17086
19668-17086
20359-17086
19721-17086
19802-17086
20026-17086
19718-17086
19686-17084
20787-17084
17438-17086
17183-17086
19278-16823
19280-17084
19281-17084
19666-17084
19693-17084
20357-17086
19760-17086
20217-17086
19768-17086
17384-17086
17868-17086
18447-17086
19842-17084
19671-17084
19746-17084
19818-17084
19814-17086
20354-17086
20355-17086
19712-17086
19847-17084
19752-17086
18315-17084
19737-17086
20203-17086
19889-17086
20356-17086
19668-17086
20359-17086
19721-17086
19802-17086
20026-17086
19718-17086
19686-17084
20787-17084
17438-17086
17183-17086
19278-16823
19280-17084
19281-17084
19666-17084
19693-17084
20357-17086
19760-17086
20217-17086
19768-17086
17384-17086
17868-17086
18447-17086
Critical
19842-17084
Critical
19671-17084
Critical
19746-17084
Critical
19818-17084
Critical
19814-17086
Critical
20354-17086
20355-17086
Critical
19712-17086
Critical
19847-17084
Critical
19752-17086
Critical
18315-17084
19737-17086
Critical
20203-17086
19889-17086
Critical
20356-17086
Critical
19668-17086
Critical
20359-17086
19721-17086
Critical
19802-17086
Critical
20026-17086
19718-17086
Critical
19686-17084
Critical
20787-17084
Critical
17438-17086
Critical
17183-17086
Critical
19278-16823
Critical
19280-17084
Critical
19281-17084
Critical
19666-17084
Critical
19693-17084
Critical
20357-17086
Critical
19760-17086
Critical
20217-17086
Critical
19768-17086
Critical
17384-17086
Critical
17868-17086
Critical
18447-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19842-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19671-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19746-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19818-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19814-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20354-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20355-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19712-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19847-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19752-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18315-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19737-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20203-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19889-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20356-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19668-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20359-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19721-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19802-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20026-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19718-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19686-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20787-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17438-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17183-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19278-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19280-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19281-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19666-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19693-17084
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20357-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19760-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20217-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
19768-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17384-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17868-17086
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18447-17086
CBL-Mariner Releases
19814-17086
No
Security Update
16.2.10-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19814-17086
CBL-Mariner Releases
CBL-Mariner Releases
20354-17086
No
Security Update
8.0.1-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20354-17086
CBL-Mariner Releases
CBL-Mariner Releases
19278-16823
19768-17086
No
Security Update
32.0-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19278-16823
19768-17086
CBL-Mariner Releases
CBL-Mariner Releases
19280-17084
No
Security Update
2.41-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19280-17084
CBL-Mariner Releases
CBL-Mariner Releases
19281-17084
19666-17084
No
Security Update
18.2.2-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19281-17084
19666-17084
CBL-Mariner Releases
CBL-Mariner Releases
19760-17086
No
Security Update
2.37-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19760-17086
CBL-Mariner Releases
3.0
2025-03-18T00:00:00
<p>Information published.</p>
6.0
2025-03-21T00:00:00
<p>Information published.</p>
8.0
2025-03-23T00:00:00
<p>Information published.</p>
1.2
2025-03-27T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
1.3
2025-03-28T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
1.4
2025-03-29T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
1.6
2025-03-31T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
1.7
2025-04-01T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
1.9
2025-04-04T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
2.0
2025-04-05T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
2.4
2025-04-09T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
2.9
2025-04-15T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
3.0
2025-04-16T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
3.3
2025-04-19T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
3.5
2025-04-21T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
3.8
2025-04-24T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
4.3
2025-04-30T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
4.4
2025-05-01T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
4.6
2025-05-03T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
4.8
2025-05-05T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
4.9
2025-05-06T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
5.0
2025-05-07T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
5.1
2025-05-08T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
5.3
2025-05-10T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
5.4
2025-05-11T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
5.5
2025-05-12T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
6.0
2025-05-17T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
6.4
2025-05-21T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
6.7
2025-05-24T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
6.8
2025-05-25T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
6.9
2025-05-26T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
11.0
2025-05-30T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
13.0
2025-06-01T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
14.1
2025-07-01T00:00:00
<p>Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0
Added crash to CBL-Mariner 2.0
Added binutils to Azure Linux 3.0</p>
15.0
2026-01-07T01:01:17
<p>Information published.</p>
16.0
2026-01-08T01:40:54
<p>Information published.</p>
1.0
2025-03-10T00:00:00
<p>Information published.</p>
2.0
2025-03-12T00:00:00
<p>Information published.</p>
4.0
2025-03-19T00:00:00
<p>Information published.</p>
5.0
2025-03-20T00:00:00
<p>Information published.</p>
7.0
2025-03-22T00:00:00
<p>Information published.</p>
9.0
2025-03-24T00:00:00
<p>Information published.</p>
1.0
2025-03-25T00:00:00
<p>Information published.</p>
1.1
2025-03-26T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
1.5
2025-03-30T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
1.8
2025-04-03T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
2.1
2025-04-06T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
2.2
2025-04-07T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
2.3
2025-04-08T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
2.5
2025-04-11T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
2.6
2025-04-12T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
2.7
2025-04-13T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
2.8
2025-04-14T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
3.1
2025-04-17T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
3.2
2025-04-18T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
3.4
2025-04-20T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
3.6
2025-04-22T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
3.7
2025-04-23T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
3.9
2025-04-25T00:00:00
<p>Added binutils to Azure Linux 3.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
4.0
2025-04-26T00:00:00
<p>Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0
Added binutils to Azure Linux 3.0</p>
4.1
2025-04-28T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
4.2
2025-04-29T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
4.5
2025-05-02T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
4.7
2025-05-04T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
5.2
2025-05-09T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
5.6
2025-05-13T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
5.7
2025-05-14T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
5.8
2025-05-15T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
5.9
2025-05-16T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
6.1
2025-05-18T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
6.2
2025-05-19T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
6.3
2025-05-20T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
6.5
2025-05-22T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
6.6
2025-05-23T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
7.0
2025-05-27T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
10.0
2025-05-28T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
12.0
2025-05-31T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
14.0
2025-06-02T00:00:00
<p>Added binutils to Azure Linux 3.0
Added crash to CBL-Mariner 2.0
Added binutils to CBL-Mariner 2.0
Added ceph to CBL-Mariner 2.0
Added cloud-hypervisor to CBL-Mariner 2.0</p>
17.0
2026-02-21T04:16:33
<p>Information published.</p>
net: sched: fix ets qdisc OOB Indexing
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21692
Improper Validation of Array Index
19705-17086
17501-17084
17099-17086
17095-16823
17476-17084
19705-17086
17501-17084
17099-17086
17095-16823
17476-17084
19705-17086
Important
17501-17084
Important
17099-17086
Important
17095-16823
Important
17476-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17501-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17476-17084
CBL-Mariner Releases
19705-17086
17099-17086
17095-16823
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17099-17086
17095-16823
CBL-Mariner Releases
CBL-Mariner Releases
17501-17084
17476-17084
No
Security Update
6.6.76.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
17476-17084
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
3.0
2026-02-21T02:52:03
<p>Information published.</p>
2.0
2025-05-05T00:00:00
<p>Information published.</p>
fs/proc: fix softlockup in __read_vmcore (part 2)
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21694
19705-17086
17501-17084
17095-16823
17476-17084
17099-17086
19705-17086
17501-17084
17095-16823
17476-17084
17099-17086
19705-17086
Moderate
17501-17084
Moderate
17095-16823
Moderate
17476-17084
Moderate
17099-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19705-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17095-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17476-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17099-17086
CBL-Mariner Releases
19705-17086
17095-16823
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17095-16823
17099-17086
CBL-Mariner Releases
CBL-Mariner Releases
17501-17084
17476-17084
No
Security Update
6.6.76.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
17476-17084
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2025-05-05T00:00:00
<p>Information published.</p>
3.0
2026-02-19T01:20:42
<p>Information published.</p>
net: sched: Disallow replacing of child qdisc from one parent to another
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21700
17095-16823
19705-17086
17099-17086
17095-16823
19705-17086
17099-17086
Moderate
17095-16823
19705-17086
Moderate
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
19705-17086
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
17099-17086
CBL-Mariner Releases
17095-16823
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:13:50
<p>Information published.</p>
netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21703
Use After Free
19705-17086
17099-17086
17095-16823
19705-17086
17099-17086
17095-16823
19705-17086
Important
17099-17086
Important
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
CBL-Mariner Releases
19705-17086
17099-17086
17095-16823
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17099-17086
17095-16823
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T15:09:46
<p>Information published.</p>
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21716
Use of Uninitialized Resource
17471-17084
17501-17084
17471-17084
17501-17084
Moderate
17471-17084
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
net: rose: fix timer races against user threads
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21718
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
19682-17086
17103-16823
17471-17084
17501-17084
18490-17086
19682-17086
17103-16823
17471-17084
17501-17084
18490-17086
19682-17086
Important
17103-16823
Important
17471-17084
Important
17501-17084
Important
18490-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17103-16823
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
17501-17084
7.0
7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:43:13
<p>Information published.</p>
usbnet: ipheth: fix DPE OoB read
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21741
Out-of-bounds Read
17494-17084
17501-17084
17494-17084
17501-17084
Important
17494-17084
Important
17501-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17494-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17501-17084
CBL-Mariner Releases
17494-17084
No
Security Update
6.6.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17494-17084
CBL-Mariner Releases
CBL-Mariner Releases
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
CBL-Mariner Releases
1.1
2026-02-18T01:34:00
<p>Information published.</p>
1.0
2025-03-14T00:00:00
<p>Information published.</p>
usbnet: ipheth: use static NDP16 location in URB
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21742
17501-17084
17494-17084
17501-17084
17494-17084
Important
17501-17084
Important
17494-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17501-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17494-17084
CBL-Mariner Releases
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
CBL-Mariner Releases
CBL-Mariner Releases
17494-17084
No
Security Update
6.6.78.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17494-17084
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:33:20
<p>Information published.</p>
blk-cgroup: Fix class @block_class's subsystem refcount leakage
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21745
17501-17084
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
Moderate
17103-16823
Moderate
17471-17084
19682-17086
CBL-Mariner Releases
17501-17084
17471-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:36:19
<p>Information published.</p>
vsock: Keep the binding until socket destruction
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21756
Use After Free
17471-17084
17099-17086
17095-16823
17465-17084
19705-17086
17471-17084
17099-17086
17095-16823
17465-17084
19705-17086
Important
17471-17084
Important
17099-17086
Important
17095-16823
Important
17465-17084
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17465-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
CBL-Mariner Releases
17471-17084
17465-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17465-17084
CBL-Mariner Releases
CBL-Mariner Releases
17099-17086
17095-16823
19705-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17099-17086
17095-16823
19705-17086
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
3.0
2026-02-18T15:11:43
<p>Information published.</p>
2.0
2025-05-05T00:00:00
<p>Information published.</p>
arp: use RCU protection in arp_xmit()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21762
17095-16823
17465-17084
19705-17086
17471-17084
17099-17086
17095-16823
17465-17084
19705-17086
17471-17084
17099-17086
Moderate
17095-16823
Moderate
17465-17084
19705-17086
Moderate
17471-17084
Moderate
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17465-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
19705-17086
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
17471-17084
6.6
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
17099-17086
CBL-Mariner Releases
17095-16823
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
CBL-Mariner Releases
17465-17084
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17465-17084
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
3.0
2026-02-18T15:06:05
<p>Information published.</p>
2.0
2025-05-05T00:00:00
<p>Information published.</p>
can: etas_es58x: fix potential NULL pointer dereference on udev->serial
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21773
NULL Pointer Dereference
17471-17084
17472-17084
17471-17084
17472-17084
17471-17084
Moderate
17472-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17472-17084
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
can: ctucanfd: handle skb allocation failure
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21775
NULL Pointer Dereference
17472-17084
17471-17084
17472-17084
17471-17084
Moderate
17472-17084
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17472-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21780
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
17087-17086
17471-17084
20925-17086
21093-17086
17472-17084
17087-17086
17471-17084
20925-17086
21093-17086
17472-17084
Important
17087-17086
Important
17471-17084
Important
20925-17086
Important
21093-17086
Important
17472-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17472-17084
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
2.0
2026-03-03T14:41:28
<p>Information published.</p>
3.0
2026-03-31T14:52:25
<p>Information published.</p>
1.0
2025-04-09T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:12:14
<p>Information published.</p>
orangefs: fix a oob in orangefs_debug_write
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21782
Out-of-bounds Read
18490-17086
17472-17084
19682-17086
17471-17084
18490-17086
17472-17084
19682-17086
17471-17084
Important
18490-17086
Important
17472-17084
19682-17086
Important
17471-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
18490-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17472-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
19682-17086
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17471-17084
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:30:42
<p>Information published.</p>
LoongArch: csum: Fix OoB access in IP checksum code for negative lengths
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21789
Out-of-bounds Read
17471-17084
17472-17084
17471-17084
17472-17084
Important
17471-17084
Important
17472-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17471-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17472-17084
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:35:00
<p>Information published.</p>
vxlan: check vxlan_vnigroup_init() return value
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21790
NULL Pointer Dereference
17472-17084
17471-17084
17472-17084
17471-17084
Moderate
17472-17084
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17472-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
spi: sn-f-ospi: Fix division by zero
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21793
17472-17084
17471-17084
17472-17084
17471-17084
Moderate
17472-17084
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17472-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21794
Out-of-bounds Read
17471-17084
17472-17084
17471-17084
17472-17084
Important
17471-17084
Important
17472-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17471-17084
7.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
17472-17084
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
1.1
2026-02-18T01:10:25
<p>Information published.</p>
tty: xilinx_uartps: split sysrq handling
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21820
Improper Locking
19682-17086
17501-17084
17103-16823
17471-17084
18490-17086
19682-17086
17501-17084
17103-16823
17471-17084
18490-17086
19682-17086
17501-17084
Moderate
17103-16823
Moderate
17471-17084
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17501-17084
17471-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
1.0
2025-03-14T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:07:51
<p>Information published.</p>
Potential denial of service in golang.org/x/crypto
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Go
Yes
CVE-2025-22869
Allocation of Resources Without Limits or Throttling
19340-17084
19337-17084
19338-17084
19254-17084
19339-17084
19729-17084
19761-17086
19939-17086
19789-17086
19912-17086
19782-17086
19432-17084
18201-17086
19312-16823
19313-16823
19295-16823
19298-16823
19291-16823
19300-16823
19292-16823
19303-17084
17759-17084
17486-17084
19315-17084
19309-17084
19316-17084
19317-17084
19301-17084
19318-17084
18211-17084
19319-17084
17793-17084
19343-17084
19334-17084
19335-17084
19794-17086
19817-17086
19945-17086
19340-17084
19337-17084
19338-17084
19254-17084
19339-17084
19729-17084
19761-17086
19939-17086
19789-17086
19912-17086
19782-17086
19432-17084
18201-17086
19312-16823
19313-16823
19295-16823
19298-16823
19291-16823
19300-16823
19292-16823
19303-17084
17759-17084
17486-17084
19315-17084
19309-17084
19316-17084
19317-17084
19301-17084
19318-17084
18211-17084
19319-17084
17793-17084
19343-17084
19334-17084
19335-17084
19794-17086
19817-17086
19945-17086
Important
19340-17084
Important
19337-17084
Important
19338-17084
Important
19254-17084
Important
19339-17084
Important
19729-17084
Important
19761-17086
Important
19939-17086
Important
19789-17086
19912-17086
Important
19782-17086
Important
19432-17084
Important
18201-17086
Important
19312-16823
Important
19313-16823
Important
19295-16823
Important
19298-16823
Important
19291-16823
Important
19300-16823
Important
19292-16823
Important
19303-17084
Important
17759-17084
Important
17486-17084
Important
19315-17084
Important
19309-17084
Important
19316-17084
Important
19317-17084
Important
19301-17084
Important
19318-17084
Important
18211-17084
Important
19319-17084
Important
17793-17084
Important
19343-17084
Important
19334-17084
Important
19335-17084
Important
19794-17086
Important
19817-17086
Important
19945-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19340-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19337-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19338-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19254-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19339-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19729-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19761-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19939-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19789-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19912-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19782-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19432-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18201-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19312-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19313-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19295-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19298-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19291-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19300-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19292-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19303-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17759-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17486-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19315-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19309-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19316-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19317-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19301-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19318-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18211-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19319-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
17793-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19343-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19334-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19335-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19794-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19817-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19945-17086
CBL-Mariner Releases
19340-17084
19319-17084
No
Security Update
1.30.10-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19340-17084
19319-17084
CBL-Mariner Releases
CBL-Mariner Releases
19337-17084
19318-17084
No
Security Update
8.7.11-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19337-17084
19318-17084
CBL-Mariner Releases
CBL-Mariner Releases
19338-17084
19317-17084
No
Security Update
2.62.0-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19338-17084
19317-17084
CBL-Mariner Releases
CBL-Mariner Releases
19254-17084
19316-17084
No
Security Update
0.14.0-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19254-17084
19316-17084
CBL-Mariner Releases
CBL-Mariner Releases
19339-17084
19315-17084
No
Security Update
1.2.0-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19339-17084
19315-17084
CBL-Mariner Releases
CBL-Mariner Releases
19729-17084
19303-17084
No
Security Update
25.0.3-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19729-17084
19303-17084
CBL-Mariner Releases
CBL-Mariner Releases
19761-17086
19292-16823
No
Security Update
1.28.4-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19761-17086
19292-16823
CBL-Mariner Releases
CBL-Mariner Releases
19939-17086
19291-16823
No
Security Update
1.29.4-11
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19939-17086
19291-16823
CBL-Mariner Releases
CBL-Mariner Releases
19789-17086
19295-16823
No
Security Update
24.0.9-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19789-17086
19295-16823
CBL-Mariner Releases
CBL-Mariner Releases
19912-17086
18201-17086
19313-16823
No
Security Update
1.3.2-23
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19912-17086
18201-17086
19313-16823
CBL-Mariner Releases
CBL-Mariner Releases
19782-17086
19312-16823
No
Security Update
0.59.0-25
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19782-17086
19312-16823
CBL-Mariner Releases
CBL-Mariner Releases
19432-17084
19309-17084
No
Security Update
1.12.15-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19432-17084
19309-17084
CBL-Mariner Releases
CBL-Mariner Releases
19298-16823
19945-17086
No
Security Update
1.9.5-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19298-16823
19945-17086
CBL-Mariner Releases
CBL-Mariner Releases
19300-16823
19817-17086
No
Security Update
1.11.2-20
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19300-16823
19817-17086
CBL-Mariner Releases
CBL-Mariner Releases
17759-17084
19335-17084
No
Security Update
1.9.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17759-17084
19335-17084
CBL-Mariner Releases
CBL-Mariner Releases
17486-17084
19334-17084
No
Security Update
2.27.0-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17486-17084
19334-17084
CBL-Mariner Releases
CBL-Mariner Releases
19301-17084
19343-17084
No
Security Update
1.31.0-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19301-17084
19343-17084
CBL-Mariner Releases
CBL-Mariner Releases
18211-17084
No
Security Update
0.8.20-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
18211-17084
CBL-Mariner Releases
CBL-Mariner Releases
19794-17086
No
Security Update
2.17.3-10
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19794-17086
CBL-Mariner Releases
3.0
2025-03-12T00:00:00
<p>Information published.</p>
4.0
2025-03-13T00:00:00
<p>Information published.</p>
7.0
2025-03-27T00:00:00
<p>Information published.</p>
1.0
2025-03-08T00:00:00
<p>Information published.</p>
2.0
2025-03-10T00:00:00
<p>Information published.</p>
5.0
2025-03-18T00:00:00
<p>Information published.</p>
6.0
2025-03-25T00:00:00
<p>Information published.</p>
8.0
2026-02-21T03:43:06
<p>Information published.</p>
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
nvidia
Yes
CVE-2025-23359
Time-of-check Time-of-use (TOCTOU) Race Condition
20156-17086
19356-16823
19357-17084
20151-17084
20156-17086
19356-16823
19357-17084
20151-17084
Important
20156-17086
Important
19356-16823
Important
19357-17084
Important
20151-17084
8.3
8.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
20156-17086
8.3
8.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
19356-16823
8.3
8.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
19357-17084
8.3
8.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
20151-17084
CBL-Mariner Releases
20156-17086
19356-16823
19357-17084
20151-17084
No
Security Update
1.17.4-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20156-17086
19356-16823
19357-17084
20151-17084
CBL-Mariner Releases
1.0
2025-02-23T00:00:00
<p>Information published.</p>
2.0
2025-03-14T00:00:00
<p>Information published.</p>
2.1
2026-02-19T01:22:17
<p>Information published.</p>
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2025-24928
Stack-based Buffer Overflow
20051-17086
17475-17084
19447-17084
20051-17086
17475-17084
19447-17084
Important
20051-17086
Important
17475-17084
Important
19447-17084
7.8
7.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
20051-17086
7.8
7.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
17475-17084
7.8
7.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
19447-17084
CBL-Mariner Releases
20051-17086
No
Security Update
2.10.4-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20051-17086
CBL-Mariner Releases
CBL-Mariner Releases
17475-17084
19447-17084
No
Security Update
2.11.5-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17475-17084
19447-17084
CBL-Mariner Releases
1.0
2025-02-27T00:00:00
<p>Information published.</p>
2.0
2025-03-14T00:00:00
<p>Information published.</p>
2.1
2026-02-19T01:24:58
<p>Information published.</p>
Net::IMAP vulnerable to possible DoS by memory exhaustion
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-25186
Uncontrolled Resource Consumption
19364-17084
19393-17084
19364-17084
19393-17084
Moderate
19364-17084
Moderate
19393-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19364-17084
6.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
19393-17084
CBL-Mariner Releases
19364-17084
19393-17084
No
Security Update
3.3.5-2
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19364-17084
19393-17084
CBL-Mariner Releases
1.1
2026-02-19T01:11:16
<p>Information published.</p>
1.0
2025-04-16T00:00:00
<p>Information published.</p>
Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-26465
Detection of Error Condition Without Action
19453-17084
19369-16823
19370-17084
20199-17086
19453-17084
19369-16823
19370-17084
20199-17086
Moderate
19453-17084
Moderate
19369-16823
Moderate
19370-17084
Moderate
20199-17086
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
19453-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
19369-16823
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
19370-17084
6.8
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
20199-17086
CBL-Mariner Releases
19453-17084
19370-17084
No
Security Update
9.8p1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19453-17084
19370-17084
CBL-Mariner Releases
CBL-Mariner Releases
19369-16823
20199-17086
No
Security Update
8.9p1-7
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19369-16823
20199-17086
CBL-Mariner Releases
1.0
2025-02-22T00:00:00
<p>Information published.</p>
2.0
2025-02-27T00:00:00
<p>Information published.</p>
2.1
2026-02-19T01:23:13
<p>Information published.</p>
Xorg: xwayland: buffer overflow in xkbvmodmasktext()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-26595
Stack-based Buffer Overflow
17593-17084
19982-17086
19372-17084
17593-17084
19982-17086
19372-17084
Important
17593-17084
Important
19982-17086
Important
19372-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17593-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19982-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19372-17084
CBL-Mariner Releases
17593-17084
19372-17084
No
Security Update
24.1.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17593-17084
19372-17084
CBL-Mariner Releases
CBL-Mariner Releases
19982-17086
No
Security Update
1.20.10-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19982-17086
CBL-Mariner Releases
2.0
2025-03-14T00:00:00
<p>Information published.</p>
2.1
2026-02-21T04:01:17
<p>Information published.</p>
1.0
2025-03-10T00:00:00
<p>Information published.</p>
Xorg: xwayland: heap overflow in xkbwritekeysyms()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-26596
Out-of-bounds Write
17593-17084
19372-17084
19982-17086
17593-17084
19372-17084
19982-17086
Important
17593-17084
Important
19372-17084
Important
19982-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17593-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19372-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19982-17086
CBL-Mariner Releases
17593-17084
19372-17084
No
Security Update
24.1.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17593-17084
19372-17084
CBL-Mariner Releases
CBL-Mariner Releases
19982-17086
No
Security Update
1.20.10-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19982-17086
CBL-Mariner Releases
1.0
2025-03-10T00:00:00
<p>Information published.</p>
2.0
2025-03-14T00:00:00
<p>Information published.</p>
2.1
2026-02-21T04:05:17
<p>Information published.</p>
Xorg: xwayland: use of uninitialized pointer in compredirectwindow()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-26599
Access of Uninitialized Pointer
17593-17084
19372-17084
19982-17086
17593-17084
19372-17084
19982-17086
Important
17593-17084
Important
19372-17084
Important
19982-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17593-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19372-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19982-17086
CBL-Mariner Releases
17593-17084
19372-17084
No
Security Update
24.1.6-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17593-17084
19372-17084
CBL-Mariner Releases
CBL-Mariner Releases
19982-17086
No
Security Update
1.20.10-15
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19982-17086
CBL-Mariner Releases
2.0
2025-03-14T00:00:00
<p>Information published.</p>
2.1
2026-02-21T03:56:39
<p>Information published.</p>
1.0
2025-03-10T00:00:00
<p>Information published.</p>
SSH SFTP packet size not verified properly in Erlang OTP
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-26618
Memory Allocation with Excessive Size Value
20067-17086
19374-17084
17544-17084
20067-17086
19374-17084
17544-17084
Important
20067-17086
Important
19374-17084
Important
17544-17084
CBL-Mariner Releases
20067-17086
No
Security Update
25.2-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20067-17086
CBL-Mariner Releases
CBL-Mariner Releases
19374-17084
17544-17084
No
Security Update
26.2.5.9-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19374-17084
17544-17084
CBL-Mariner Releases
2.0
2025-03-13T00:00:00
<p>Information published.</p>
1.0
2025-03-04T00:00:00
<p>Information published.</p>
2.1
2026-02-21T02:58:56
<p>Information published.</p>
Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2024-12243
Inefficient Algorithmic Complexity
17479-17084
20134-17086
17479-17084
20134-17086
Moderate
17479-17084
Moderate
20134-17086
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
17479-17084
5.3
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
20134-17086
CBL-Mariner Releases
17479-17084
No
Security Update
3.8.3-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17479-17084
CBL-Mariner Releases
CBL-Mariner Releases
20134-17086
No
Security Update
3.7.11-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20134-17086
CBL-Mariner Releases
2.0
2025-04-22T00:00:00
<p>Information published.</p>
1.0
2025-03-25T00:00:00
<p>Information published.</p>
2.1
2026-02-19T01:19:35
<p>Information published.</p>
RFC7250 handshakes with unauthenticated servers don't abort as expected
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
openssl
Yes
CVE-2024-12797
Missing Report of Error Condition
17477-17084
17478-17084
20080-17084
20115-17086
20294-17086
19721-17086
20035-17084
19603-17084
20257-17084
20291-17084
19805-17086
19824-17084
19674-17086
17627-17084
19813-17086
19662-17086
20435-17084
17093-17086
17183-17086
17477-17084
17478-17084
20080-17084
20115-17086
20294-17086
19721-17086
20035-17084
19603-17084
20257-17084
20291-17084
19805-17086
19824-17084
19674-17086
17627-17084
19813-17086
19662-17086
20435-17084
17093-17086
17183-17086
Important
17477-17084
Important
17478-17084
Important
20080-17084
Moderate
20115-17086
Moderate
20294-17086
19721-17086
Moderate
20035-17084
Moderate
19603-17084
Moderate
20257-17084
Important
20291-17084
Important
19805-17086
Important
19824-17084
Moderate
19674-17086
Moderate
17627-17084
Moderate
19813-17086
19662-17086
Moderate
20435-17084
Moderate
17093-17086
Moderate
17183-17086
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
17477-17084
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
17478-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
20080-17084
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
20115-17086
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
20294-17086
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
19721-17086
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
20035-17084
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
19603-17084
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
20257-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
20291-17084
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19805-17086
7.3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
19824-17084
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
19674-17086
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
17627-17084
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
19813-17086
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
19662-17086
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
20435-17084
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
17093-17086
6.3
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
17183-17086
CBL-Mariner Releases
17477-17084
19824-17084
No
Security Update
3.3.3-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17477-17084
19824-17084
CBL-Mariner Releases
CBL-Mariner Releases
17478-17084
20291-17084
No
Security Update
38.0.72.2-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17478-17084
20291-17084
CBL-Mariner Releases
CBL-Mariner Releases
19805-17086
No
Security Update
38.0.72.2-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19805-17086
CBL-Mariner Releases
3.0
2025-02-26T00:00:00
<p>Information published.</p>
1.0
2025-02-21T00:00:00
<p>Information published.</p>
2.0
2025-02-22T00:00:00
<p>Information published.</p>
4.0
2025-03-14T00:00:00
<p>Information published.</p>
5.0
2026-02-19T01:18:35
<p>Information published.</p>
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-56171
Use After Free
17475-17084
20051-17086
19447-17084
17475-17084
20051-17086
19447-17084
Important
17475-17084
Important
20051-17086
Important
19447-17084
7.8
7.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
17475-17084
7.8
7.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
20051-17086
7.8
7.8
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
19447-17084
CBL-Mariner Releases
17475-17084
19447-17084
No
Security Update
2.11.5-4
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17475-17084
19447-17084
CBL-Mariner Releases
CBL-Mariner Releases
20051-17086
No
Security Update
2.10.4-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
20051-17086
CBL-Mariner Releases
2.0
2025-03-14T00:00:00
<p>Information published.</p>
1.0
2025-02-27T00:00:00
<p>Information published.</p>
2.1
2026-02-19T01:24:43
<p>Information published.</p>
media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57834
NULL Pointer Dereference
17103-16823
17472-17084
18490-17086
19682-17086
17471-17084
17103-16823
17472-17084
18490-17086
19682-17086
17471-17084
Moderate
17103-16823
Moderate
17472-17084
18490-17086
19682-17086
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17103-16823
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17472-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17472-17084
No
Security Update
6.6.79.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17472-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:16:49
<p>Information published.</p>
hrtimers: Handle CPU state correctly on hotplug
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57951
Use After Free
17095-16823
17476-17084
19705-17086
17501-17084
17099-17086
17095-16823
17476-17084
19705-17086
17501-17084
17099-17086
Important
17095-16823
Important
17476-17084
19705-17086
Important
17501-17084
Important
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17476-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17501-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
CBL-Mariner Releases
17095-16823
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
CBL-Mariner Releases
17476-17084
17501-17084
No
Security Update
6.6.76.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17476-17084
17501-17084
CBL-Mariner Releases
2.0
2025-05-05T00:00:00
<p>Information published.</p>
1.0
2025-03-13T00:00:00
<p>Information published.</p>
3.0
2026-02-19T01:20:55
<p>Information published.</p>
pps: Fix a use-after-free
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57979
Use After Free
17095-16823
19705-17086
17099-17086
17095-16823
19705-17086
17099-17086
Important
17095-16823
19705-17086
Important
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17095-16823
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
CBL-Mariner Releases
17095-16823
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
19705-17086
17099-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T15:11:23
<p>Information published.</p>
media: uvcvideo: Fix double free in error path
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57980
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
17103-16823
17471-17084
19682-17086
17501-17084
18490-17086
Important
17103-16823
Important
17471-17084
19682-17086
Important
17501-17084
Important
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17501-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-03-13T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:49:33
<p>Information published.</p>
wifi: wcn36xx: fix channel survey memory allocation size
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57997
Use of Uninitialized Resource
17471-17084
17501-17084
17471-17084
17501-17084
Moderate
17471-17084
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
1.0
2025-03-13T00:00:00
<p>Information published.</p>
media: uvcvideo: Remove dangling pointers
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58002
17103-16823
17465-17084
19682-17086
17471-17084
18490-17086
17103-16823
17465-17084
19682-17086
17471-17084
18490-17086
Important
17103-16823
Important
17465-17084
19682-17086
Important
17471-17084
Important
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
CBL-Mariner Releases
17103-16823
No
Security Update
5.15.179.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17103-16823
CBL-Mariner Releases
CBL-Mariner Releases
17465-17084
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17465-17084
17471-17084
CBL-Mariner Releases
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:11:21
<p>Information published.</p>
platform/x86: int3472: Check for adev == NULL
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58011
NULL Pointer Dereference
17471-17084
17087-17086
20925-17086
21093-17086
17501-17084
17471-17084
17087-17086
20925-17086
21093-17086
17501-17084
Moderate
17471-17084
17087-17086
20925-17086
21093-17086
17501-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17471-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17501-17084
CBL-Mariner Releases
17471-17084
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
17501-17084
CBL-Mariner Releases
1.0
2025-03-13T00:00:00
<p>Information published.</p>
3.0
2026-03-31T14:53:58
<p>Information published.</p>
2.0
2026-03-03T14:42:36
<p>Information published.</p>
vlan: fix memory leak in vlan_newlink()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49636
Missing Release of Memory after Effective Lifetime
19682-17086
17095-16823
18490-17086
19682-17086
17095-16823
18490-17086
19682-17086
Moderate
17095-16823
18490-17086
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
CBL-Mariner Releases
17095-16823
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17095-16823
CBL-Mariner Releases
1.0
2025-09-03T21:57:17
<p>Information published.</p>
2.0
2026-02-18T02:00:07
<p>Information published.</p>
scsi: ufs: bsg: Set bsg_queue to NULL after removal
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-54458
Use After Free
17471-17084
19682-17086
18490-17086
17471-17084
19682-17086
18490-17086
Important
17471-17084
19682-17086
Important
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17471-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
CBL-Mariner Releases
17471-17084
No
Security Update
6.6.82.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17471-17084
CBL-Mariner Releases
1.0
2025-04-09T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:06:59
<p>Information published.</p>
Grub2: net: out-of-bounds write in grub_net_search_config_file()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
redhat
Yes
CVE-2025-0624
Out-of-bounds Write
19544-16823
19588-17084
20107-17086
19544-16823
19588-17084
20107-17086
Important
19544-16823
Important
19588-17084
Important
20107-17086
7.6
7.6
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
19544-16823
7.6
7.6
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
19588-17084
7.6
7.6
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
20107-17086
CBL-Mariner Releases
19544-16823
20107-17086
No
Security Update
2.06-14
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19544-16823
20107-17086
CBL-Mariner Releases
CBL-Mariner Releases
19588-17084
No
Security Update
2.06-24
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19588-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
1.1
2026-02-21T02:49:52
<p>Information published.</p>
GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1352
Improper Restriction of Operations within the Bounds of a Memory Buffer
19589-17084
19589-17084
Low
19589-17084
5.0
5.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
19589-17084
CBL-Mariner Releases
19589-17084
No
Security Update
0.189-5
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19589-17084
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
vfio/platform: check the bounds of read/write syscalls
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21687
Out-of-bounds Read
19705-17086
17501-17084
17099-17086
19705-17086
17501-17084
17099-17086
19705-17086
Important
17501-17084
Important
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17501-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
CBL-Mariner Releases
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17099-17086
CBL-Mariner Releases
CBL-Mariner Releases
17501-17084
No
Security Update
6.6.76.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
CBL-Mariner Releases
2.0
2025-05-05T00:00:00
<p>Information published.</p>
1.0
2025-03-14T00:00:00
<p>Information published.</p>
3.0
2026-02-19T01:23:51
<p>Information published.</p>
net: davicom: fix UAF in dm9000_drv_remove
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21715
17099-17086
19705-17086
17099-17086
19705-17086
Important
17099-17086
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
CBL-Mariner Releases
17099-17086
19705-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17099-17086
19705-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:54:56
<p>Information published.</p>
nilfs2: do not force clear folio if buffer is referenced
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21722
19705-17086
19529-17084
17099-17086
19705-17086
19529-17084
17099-17086
19705-17086
Important
19529-17084
Important
17099-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19705-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17099-17086
CBL-Mariner Releases
19705-17086
17099-17086
No
Security Update
5.15.180.1-1
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19705-17086
17099-17086
CBL-Mariner Releases
1.0
2025-05-05T00:00:00
<p>Information published.</p>
2.0
2026-02-18T01:10:01
<p>Information published.</p>
NFC: nci: Add bounds checking in nci_hci_create_pipe()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21735
19682-17086
17501-17084
18490-17086
19682-17086
17501-17084
18490-17086
19682-17086
Important
17501-17084
Important
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17501-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
CBL-Mariner Releases
17501-17084
No
Security Update
6.6.78.1-3
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
17501-17084
CBL-Mariner Releases
2.0
2026-02-18T01:24:54
<p>Information published.</p>
1.0
2025-03-14T00:00:00
<p>Information published.</p>
BCryptGenerateSymmetricKey memory leak
https://nvd.nist.gov/vuln/detail/CVE-2025-25199
https://nvd.nist.gov/vuln/detail/CVE-2025-25199
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
GitHub_M
Yes
CVE-2025-25199
Missing Release of Memory after Effective Lifetime
12139
12140
19679-17084
19697-17084
19730-17086
19747-17086
19785-17086
18444-17086
12139
12140
19679-17084
19697-17084
19730-17086
19747-17086
19785-17086
18444-17086
12139
12140
Important
19679-17084
Important
19697-17084
Important
19730-17086
19747-17086
Important
19785-17086
Important
18444-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12139
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
12140
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19679-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19697-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19730-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19747-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19785-17086
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
18444-17086
golang
12139
golang-1.22.7-4.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.22.7-4
https://nvd.nist.gov/vuln/detail/CVE-2025-25199
12139
golang
golang
12140
golang-1.22.7-4.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
1.22.7-4
https://nvd.nist.gov/vuln/detail/CVE-2025-25199
12140
golang
CBL-Mariner Releases
19679-17084
19697-17084
19730-17086
19747-17086
19785-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19679-17084
19697-17084
19730-17086
19747-17086
19785-17086
CBL-Mariner Releases
1.0
2025-07-11T00:00:00
<p>Information published.</p>
2.0
2026-02-19T01:19:21
<p>Information published.</p>
GNU Binutils ld xstrdup.c xstrdup memory leak
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
VulDB
Yes
CVE-2025-1152
Missing Release of Memory after Effective Lifetime
18315-17084
19634-17084
18844-17084
19818-17084
20203-17086
20219-17086
19718-17086
20414-17084
20568-17084
20567-17084
20599-17086
20618-17084
20787-17084
20237-17084
20100-17086
20376-17086
18447-17086
20524-17086
20525-17086
20569-17084
20598-17086
20600-17086
20688-17086
20936-17086
21200-17084
21201-17084
21253-17084
18315-17084
19634-17084
18844-17084
19818-17084
20203-17086
20219-17086
19718-17086
20414-17084
20568-17084
20567-17084
20599-17086
20618-17084
20787-17084
20237-17084
20100-17086
20376-17086
18447-17086
20524-17086
20525-17086
20569-17084
20598-17086
20600-17086
20688-17086
20936-17086
21200-17084
21201-17084
21253-17084
Low
18315-17084
Low
19634-17084
Low
18844-17084
19818-17084
Low
20203-17086
20219-17086
19718-17086
Low
20414-17084
Low
20568-17084
Low
20567-17084
Low
20599-17086
Low
20618-17084
Low
20787-17084
Low
20237-17084
Low
20100-17086
Low
20376-17086
Low
18447-17086
Low
20524-17086
Low
20525-17086
Low
20569-17084
Low
20598-17086
Low
20600-17086
Low
20688-17086
Low
20936-17086
Low
21200-17084
Low
21201-17084
Low
21253-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
18315-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19634-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
18844-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19818-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20203-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20219-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
19718-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20414-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20568-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20567-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20599-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20618-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20787-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20237-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20100-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20376-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
18447-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20524-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20525-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20569-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20598-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20600-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20688-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
20936-17086
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21200-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21201-17084
3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
21253-17084
1.0
2025-09-03T23:21:22
<p>Information published.</p>
4.0
2026-03-03T14:37:41
<p>Information published.</p>
6.0
2026-04-29T14:39:24
<p>Information published.</p>
2.0
2025-12-06T14:35:16
<p>Information published.</p>
3.0
2026-01-08T14:36:31
<p>Information published.</p>
5.0
2026-04-14T14:37:34
<p>Information published.</p>
fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-52560
19529-17084
17087-17086
19529-17084
17087-17086
Moderate
19529-17084
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19529-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-09-04T00:00:56
<p>Information published.</p>
1.1
2026-02-18T01:25:04
<p>Information published.</p>
mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49484
NULL Pointer Dereference
19682-17086
18490-17086
19682-17086
18490-17086
19682-17086
Moderate
18490-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19682-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
18490-17086
2.0
2026-02-18T14:56:50
<p>Information published.</p>
1.0
2025-09-04T00:44:03
<p>Information published.</p>
wifi: ath12k: Fix for out-of bound access error
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58015
19529-17084
19529-17084
Moderate
19529-17084
6.0
6.0
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
19529-17084
1.0
2025-09-04T01:44:58
<p>Information published.</p>
1.1
2026-02-18T01:41:44
<p>Information published.</p>
PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58006
19683-17084
20412-17084
20613-17084
20725-17084
20823-17084
20860-17084
20956-17084
21094-17084
21248-17084
20553-17084
20788-17084
21308-17084
21332-17084
21344-17084
19683-17084
20412-17084
20613-17084
20725-17084
20823-17084
20860-17084
20956-17084
21094-17084
21248-17084
20553-17084
20788-17084
21308-17084
21332-17084
21344-17084
19683-17084
Moderate
20412-17084
Moderate
20613-17084
Moderate
20725-17084
Moderate
20823-17084
Moderate
20860-17084
Moderate
20956-17084
Moderate
21094-17084
Moderate
21248-17084
Moderate
20553-17084
Moderate
20788-17084
Moderate
21308-17084
Moderate
21332-17084
Moderate
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2025-12-07T01:39:18
<p>Information published.</p>
3.0
2026-01-08T14:36:18
<p>Information published.</p>
4.0
2026-01-20T14:49:18
<p>Information published.</p>
6.0
2026-03-04T14:44:12
<p>Information published.</p>
7.0
2026-03-31T15:16:19
<p>Information published.</p>
9.0
2026-05-06T14:48:34
<p>Information published.</p>
10.0
2026-05-11T01:46:54
<p>Information published.</p>
1.0
2025-09-04T01:52:18
<p>Information published.</p>
5.0
2026-02-19T01:50:35
<p>Information published.</p>
8.0
2026-04-29T14:54:30
<p>Information published.</p>
11.0
2026-05-17T14:47:57
<p>Information published.</p>
block: mark GFP_NOIO around sysfs ->store()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21817
19529-17084
19529-17084
19529-17084
1.0
2025-09-04T02:10:59
<p>Information published.</p>
ax25: rcu protect dev->ax25_ptr
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21812
Use After Free
19682-17086
18490-17086
19682-17086
18490-17086
19682-17086
Important
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
1.0
2025-09-04T02:45:19
<p>Information published.</p>
2.0
2026-02-18T15:07:00
<p>Information published.</p>
i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57984
Use After Free
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Important
20925-17086
Important
21093-17086
Important
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
1.0
2025-09-04T03:45:33
<p>Information published.</p>
3.0
2026-03-31T15:09:02
<p>Information published.</p>
2.0
2026-03-03T14:51:53
<p>Information published.</p>
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-57255
Integer Overflow or Wraparound
19662-17086
17459-17084
17093-17086
19662-17086
17459-17084
17093-17086
19662-17086
Important
17459-17084
Important
17093-17086
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
19662-17086
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
17459-17084
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
17093-17086
2.0
2026-02-18T02:49:31
<p>Information published.</p>
1.0
2025-09-04T03:52:20
<p>Information published.</p>
scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49535
Use After Free
18490-17086
19682-17086
18490-17086
19682-17086
Important
18490-17086
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
CBL-Mariner Releases
19682-17086
No
Security Update
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
19682-17086
CBL-Mariner Releases
1.0
2025-09-04T03:58:29
<p>Information published.</p>
2.0
2026-02-18T15:10:55
<p>Information published.</p>
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-57259
Off-by-one Error
19662-17086
17093-17086
17459-17084
19662-17086
17093-17086
17459-17084
19662-17086
Important
17093-17086
Important
17459-17084
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
19662-17086
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
17093-17086
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
17459-17084
1.0
2025-09-04T04:14:59
<p>Information published.</p>
2.0
2026-02-18T02:53:04
<p>Information published.</p>
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2024-57258
Integer Overflow or Wraparound
19662-17086
17093-17086
17459-17084
19662-17086
17093-17086
17459-17084
19662-17086
Important
17093-17086
Important
17459-17084
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
19662-17086
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
17093-17086
7.1
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
17459-17084
1.0
2025-09-04T04:25:09
<p>Information published.</p>
2.0
2026-02-18T02:53:42
<p>Information published.</p>
net: dsa: Avoid cross-chip syncing of VLAN filtering
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49234
Out-of-bounds Read
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
20925-17086
Moderate
17087-17086
Moderate
21093-17086
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
1.0
2025-09-24T01:01:24
<p>Information published.</p>
2.0
2026-03-03T14:45:12
<p>Information published.</p>
3.0
2026-03-31T15:07:17
<p>Information published.</p>
x86/mce: Work around an erratum on fast string copy instructions
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49124
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
1.0
2025-10-17T01:01:16
<p>Information published.</p>
2.0
2026-03-03T15:02:59
<p>Information published.</p>
3.0
2026-03-31T14:40:58
<p>Information published.</p>
drm/amdkfd: svm range restore work deadlock when process exit
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49133
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-10-17T01:01:22
<p>Information published.</p>
net/mlx5: E-Switch, pair only capable devices
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49333
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
Moderate
21093-17086
Moderate
17087-17086
Moderate
20925-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21093-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20925-17086
3.0
2026-03-31T14:44:38
<p>Information published.</p>
1.0
2025-10-22T01:02:09
<p>Information published.</p>
2.0
2026-03-03T14:36:28
<p>Information published.</p>
scsi: lpfc: Inhibit aborts if external loopback plug is inserted
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49504
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
Moderate
21093-17086
Moderate
17087-17086
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
2.0
2026-03-03T14:37:06
<p>Information published.</p>
3.0
2026-03-31T14:45:26
<p>Information published.</p>
1.0
2025-10-22T01:02:20
<p>Information published.</p>
spi: fsi: Implement a timeout for polling status
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49173
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-10-24T01:01:33
<p>Information published.</p>
btrfs: fix anon_dev leak in create_subvol()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49469
Missing Release of Memory after Effective Lifetime
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Low
20925-17086
Low
21093-17086
Low
17087-17086
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
20925-17086
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
21093-17086
3.3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
17087-17086
1.0
2025-10-24T01:01:38
<p>Information published.</p>
2.0
2026-03-03T14:37:45
<p>Information published.</p>
3.0
2026-03-31T14:46:11
<p>Information published.</p>
ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49543
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-10-24T01:01:44
<p>Information published.</p>
bpf: Fix combination of jit blinding and pointers to bpf subprogs.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49552
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Moderate
17087-17086
Moderate
20925-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
2.0
2026-03-03T14:38:00
<p>Information published.</p>
1.0
2025-10-24T01:01:49
<p>Information published.</p>
3.0
2026-03-31T14:46:38
<p>Information published.</p>
KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49562
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
20925-17086
Moderate
17087-17086
Moderate
21093-17086
Moderate
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
2.0
2026-03-03T14:38:19
<p>Information published.</p>
3.0
2026-03-31T14:47:03
<p>Information published.</p>
1.0
2025-10-24T01:01:54
<p>Information published.</p>
KVM: VMX: Prevent RSB underflow before vmenter
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49610
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Low
20925-17086
Low
21093-17086
Low
17087-17086
3.3
3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U
20925-17086
3.3
3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U
21093-17086
3.3
3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U
17087-17086
1.0
2025-10-24T01:02:30
<p>Information published.</p>
3.0
2026-03-31T14:47:29
<p>Information published.</p>
2.0
2026-03-03T14:38:35
<p>Information published.</p>
drm/i915/selftests: fix subtraction overflow bug
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49635
Out-of-bounds Write
17087-17086
17087-17086
Moderate
17087-17086
6.6
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U
17087-17086
1.0
2025-10-24T01:02:36
<p>Information published.</p>
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-57993
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Moderate
20925-17086
Moderate
21093-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
2.0
2026-03-03T14:39:26
<p>Information published.</p>
3.0
2026-03-31T14:47:53
<p>Information published.</p>
1.0
2025-10-25T01:01:57
<p>Information published.</p>
ice: Fix memory corruption in VF driver
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49722
Out-of-bounds Write
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
20925-17086
Important
17087-17086
Important
21093-17086
Important
20925-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
1.0
2025-10-26T01:01:25
<p>Information published.</p>
3.0
2026-03-31T14:49:04
<p>Information published.</p>
2.0
2026-03-03T14:40:38
<p>Information published.</p>
hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21816
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
Moderate
21093-17086
Moderate
17087-17086
Moderate
20925-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
21093-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
17087-17086
5.5
5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U
20925-17086
2.0
2026-03-03T14:41:13
<p>Information published.</p>
3.0
2026-03-31T14:49:50
<p>Information published.</p>
1.0
2025-10-29T01:01:38
<p>Information published.</p>
fbdev: omap: use threaded IRQ for LCD DMA
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21821
17087-17086
17087-17086
Moderate
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
1.0
2025-10-29T01:01:43
<p>Information published.</p>
misc: fastrpc: Fix copy buffer page size
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21734
Out-of-bounds Write
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
Important
17087-17086
Important
20925-17086
Important
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
2.0
2026-03-03T14:42:01
<p>Information published.</p>
3.0
2026-03-31T14:52:38
<p>Information published.</p>
1.0
2025-10-30T01:01:46
<p>Information published.</p>
ata: libata-sff: Ensure that we cannot write outside the allocated buffer
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21738
20925-17086
17087-17086
21093-17086
20925-17086
17087-17086
21093-17086
Moderate
20925-17086
Moderate
17087-17086
Moderate
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
3.0
2026-03-31T14:53:02
<p>Information published.</p>
1.0
2025-10-30T01:01:51
<p>Information published.</p>
2.0
2026-03-03T14:42:18
<p>Information published.</p>
net/mlx5: HWS, change error flow on matcher disconnect
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21751
19529-17084
19682-17086
18490-17086
19529-17084
19682-17086
18490-17086
Important
19529-17084
19682-17086
Important
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19529-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
1.0
2025-09-03T19:48:34
<p>Information published.</p>
2.0
2026-02-18T01:12:04
<p>Information published.</p>
scsi: ufs: core: Fix use-after free in init error and remove paths
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21739
Use After Free
19682-17086
20725-17084
20788-17084
20823-17084
20860-17084
20956-17084
21094-17084
21248-17084
19683-17084
20412-17084
20553-17084
20613-17084
18490-17086
19682-17086
20725-17084
20788-17084
20823-17084
20860-17084
20956-17084
21094-17084
21248-17084
19683-17084
20412-17084
20553-17084
20613-17084
18490-17086
19682-17086
Important
20725-17084
Important
20788-17084
Important
20823-17084
Important
20860-17084
Important
20956-17084
Important
21094-17084
Important
21248-17084
19683-17084
Important
20412-17084
Important
20553-17084
Important
20613-17084
Important
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20725-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20860-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20956-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21094-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19683-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20412-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20553-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20613-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
2.0
2025-12-07T01:41:19
<p>Information published.</p>
8.0
2026-03-31T15:12:32
<p>Information published.</p>
9.0
2026-04-29T14:43:14
<p>Information published.</p>
10.0
2026-05-02T14:37:20
<p>Information published.</p>
1.0
2025-09-03T19:29:19
<p>Information published.</p>
3.0
2026-01-08T14:40:54
<p>Information published.</p>
4.0
2026-01-20T14:38:17
<p>Information published.</p>
5.0
2026-02-18T01:02:53
<p>Information published.</p>
6.0
2026-02-18T15:12:52
<p>Information published.</p>
7.0
2026-03-04T14:37:51
<p>Information published.</p>
scsi: mpi3mr: Fix possible crash when setting up bsg fails
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21723
19683-17084
20412-17084
20613-17084
20788-17084
20823-17084
21248-17084
21332-17084
20553-17084
20725-17084
20860-17084
20956-17084
21094-17084
21308-17084
21344-17084
19683-17084
20412-17084
20613-17084
20788-17084
20823-17084
21248-17084
21332-17084
20553-17084
20725-17084
20860-17084
20956-17084
21094-17084
21308-17084
21344-17084
19683-17084
20412-17084
20613-17084
20788-17084
20823-17084
21248-17084
21332-17084
20553-17084
20725-17084
20860-17084
20956-17084
21094-17084
21308-17084
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
2.0
2025-12-07T01:39:11
<p>Information published.</p>
3.0
2026-01-08T14:37:56
<p>Information published.</p>
6.0
2026-03-04T14:36:29
<p>Information published.</p>
7.0
2026-03-31T14:55:21
<p>Information published.</p>
8.0
2026-04-29T14:41:10
<p>Information published.</p>
1.0
2025-09-03T21:00:20
<p>Information published.</p>
4.0
2026-01-20T14:36:32
<p>Information published.</p>
5.0
2026-02-21T02:53:04
<p>Information published.</p>
9.0
2026-05-06T14:37:55
<p>Information published.</p>
10.0
2026-05-11T01:38:20
<p>Information published.</p>
11.0
2026-05-17T14:39:04
<p>Information published.</p>
RDMA/mlx5: Fix implicit ODP use after free
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2025-21714
Use After Free
20412-17084
20553-17084
20613-17084
20725-17084
20788-17084
20823-17084
20925-17086
20956-17084
21094-17084
21248-17084
21332-17084
19683-17084
17087-17086
20860-17084
21093-17086
21308-17084
21344-17084
20412-17084
20553-17084
20613-17084
20725-17084
20788-17084
20823-17084
20925-17086
20956-17084
21094-17084
21248-17084
21332-17084
19683-17084
17087-17086
20860-17084
21093-17086
21308-17084
21344-17084
Important
20412-17084
Important
20553-17084
Important
20613-17084
Important
20725-17084
Important
20788-17084
Important
20823-17084
Important
20925-17086
Important
20956-17084
Important
21094-17084
Important
21248-17084
Important
21332-17084
19683-17084
Important
17087-17086
Important
20860-17084
Important
21093-17086
Important
21308-17084
Moderate
21344-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20412-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20553-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20613-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20725-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20788-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20823-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20956-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21094-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21248-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21332-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19683-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20860-17084
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21308-17084
6.7
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
21344-17084
1.0
2025-09-03T19:34:59
<p>Information published.</p>
2.0
2025-12-07T01:40:37
<p>Information published.</p>
4.0
2026-01-20T14:37:35
<p>Information published.</p>
6.0
2026-03-03T14:53:38
<p>Information published.</p>
8.0
2026-03-31T15:11:05
<p>Information published.</p>
9.0
2026-04-29T14:42:34
<p>Information published.</p>
11.0
2026-05-11T01:39:05
<p>Information published.</p>
3.0
2026-01-08T14:40:13
<p>Information published.</p>
5.0
2026-02-18T15:12:25
<p>Information published.</p>
7.0
2026-03-04T14:37:24
<p>Information published.</p>
10.0
2026-05-06T14:38:41
<p>Information published.</p>
12.0
2026-05-17T14:39:56
<p>Information published.</p>
12.1
2026-05-22T01:40:10
<p>Information published.</p>
ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2024-58012
NULL Pointer Dereference
20412-17084
20613-17084
20725-17084
20860-17084
20956-17084
21094-17084
21093-17086
21248-17084
21308-17084
21332-17084
19683-17084
17087-17086
20553-17084
20788-17084
20823-17084
20925-17086
21344-17084
20412-17084
20613-17084
20725-17084
20860-17084
20956-17084
21094-17084
21093-17086
21248-17084
21308-17084
21332-17084
19683-17084
17087-17086
20553-17084
20788-17084
20823-17084
20925-17086
21344-17084
20412-17084
20613-17084
20725-17084
20860-17084
20956-17084
21094-17084
21093-17086
21248-17084
21308-17084
21332-17084
19683-17084
17087-17086
20553-17084
20788-17084
20823-17084
20925-17086
21344-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20412-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20613-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20725-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20860-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20956-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21094-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21093-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21248-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21308-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21332-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
19683-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
17087-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20553-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20788-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20823-17084
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
20925-17086
5.5
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
21344-17084
3.0
2026-01-08T14:37:45
<p>Information published.</p>
4.0
2026-01-20T14:36:22
<p>Information published.</p>
5.0
2026-02-21T02:48:06
<p>Information published.</p>
6.0
2026-03-03T14:43:09
<p>Information published.</p>
7.0
2026-03-04T14:36:21
<p>Information published.</p>
8.0
2026-03-31T14:54:58
<p>Information published.</p>
9.0
2026-04-29T14:40:57
<p>Information published.</p>
11.0
2026-05-11T01:38:09
<p>Information published.</p>
1.0
2025-09-03T20:41:57
<p>Information published.</p>
2.0
2025-12-07T01:39:00
<p>Information published.</p>
10.0
2026-05-06T14:37:47
<p>Information published.</p>
12.0
2026-05-17T14:38:53
<p>Information published.</p>
io_uring/rw: split io_read() into a helper
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2023-52926
Use After Free
19682-17086
18490-17086
19682-17086
18490-17086
19682-17086
Important
18490-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
19682-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
18490-17086
1.0
2025-09-03T19:32:20
<p>Information published.</p>
2.0
2026-02-18T01:04:19
<p>Information published.</p>
drm/panfrost: Job should reference MMU not file_priv
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49359
Use After Free
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
20925-17086
Important
21093-17086
Important
17087-17086
Important
20925-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
1.0
2025-09-03T20:04:15
<p>Information published.</p>
2.0
2026-03-03T14:54:45
<p>Information published.</p>
3.0
2026-03-31T15:13:31
<p>Information published.</p>
netfilter: nf_tables: avoid skb access on nf_stolen
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
Linux
Yes
CVE-2022-49622
Use After Free
20925-17086
21093-17086
17087-17086
20925-17086
21093-17086
17087-17086
Important
20925-17086
Important
21093-17086
Important
17087-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
20925-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
21093-17086
7.8
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
17087-17086
1.0
2025-09-03T19:31:24
<p>Information published.</p>
2.0
2026-03-03T14:52:48
<p>Information published.</p>
3.0
2026-03-31T15:10:14
<p>Information published.</p>
Chromium: CVE -2025-0996 Inappropriate implementation in Browser UI
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.69</td>
<td>2/14/2025</td>
<td>133.0.6943.98/.99</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-0996
11655
11655
11655
Release Notes
11655
No
Security Update
133.0.3065.69
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-02-14T08:00:03
<p>Information published.</p>
Chromium: CVE -2025-0995 Use after free in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.69</td>
<td>2/14/2025</td>
<td>133.0.6943.98/.99</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-0995
11655
11655
11655
Release Notes
11655
No
Security Update
133.0.3065.69
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-02-14T08:00:57
<p>Information published.</p>
Chromium: CVE -2025-0997 Use after free in Navigation
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.69</td>
<td>2/14/2025</td>
<td>133.0.6943.98/.99</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-0997
11655
11655
11655
Release Notes
11655
No
Security Update
133.0.3065.69
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-02-14T08:00:06
<p>Information published.</p>
Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
<p><strong>How do I get the update for Microsoft HPC Pack?</strong></p>
<p>If you do not have automatic updates enabled you need to manually update your extension. See <a href="https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-agent-update?tabs=windows">Update Network Watcher extension to the latest version</a> for update instructions. Customers who have automatic updates enabled do not need to take any further action.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p>
<p>To successfully exploit this vulnerability, an attacker must be a <a href="https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#contributor">Contributor</a> or <a href="https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#owner">Owner</a> in the target environment to perform actions restricted from average users.</p>
Azure Network Watcher
Microsoft
Yes
CVE-2025-21188
Improper Link Resolution Before File Access ('Link Following')
12127
Elevation of Privilege
12127
Important
12127
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.0
5.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12127
Release Notes
https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/network-watcher-update?tabs=windows
12127
Yes
Security Update
1.4.3563.1
https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-agent-update?tabs=windows
12127
Release Notes
<a href="https://twitter.com/filip_dragovic">Filip Dragović</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Visual Studio Installer Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Exploitation of this vulnerability requires that a local user executes the Visual Studio installer</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
Visual Studio
Microsoft
Yes
CVE-2025-21206
Uncontrolled Search Path Element
11600
11935
12271
12322
12459
Elevation of Privilege
11600
Elevation of Privilege
11935
Elevation of Privilege
12271
Elevation of Privilege
12322
Elevation of Privilege
12459
Important
11600
Important
11935
Important
12271
Important
12322
Important
12459
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11600
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11935
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12271
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12322
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12459
Release Notes
http://aka.ms/vs/15/release/latest
11600
Maybe
Security Update
15.9.70
https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes
11600
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11
11935
Maybe
Security Update
16.11.44
https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11
11935
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8
12271
Maybe
Security Update
17.8.18
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12271
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10
12322
Maybe
Security Update
17.10.11
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12322
Release Notes
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.12
12459
Maybe
Security Update
17.12.5
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
12459
Release Notes
<a href="https://www.linkedin.com/in/karanbamal/">Karan Bamal</a> with <a href="http://www.sentinelone.com/">Sentinel One</a>
Stefan Đurašković
<a href="https://medium.com/@spoppi">Sandro Poppi</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Active Directory Domain Services API Denial of Service Vulnerability
Active Directory Domain Services
Microsoft
Yes
CVE-2025-21351
Uncontrolled Resource Consumption
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
<a href="https://twitter.com/guhe120">Yuki Chen</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Internet Connection Sharing (ICS) Denial of Service Vulnerability
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p>
Windows Internet Connection Sharing (ICS)
Microsoft
Yes
CVE-2025-21352
Uncontrolled Resource Consumption
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Digest Authentication Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To successfully exploit this remote code execution vulnerability, an attacker could send a malicious logon request to the target domain controller.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
Microsoft Digest Authentication
Microsoft
Yes
CVE-2025-21368
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
<a href="https://twitter.com/guhe120">Yuki Chen</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Digest Authentication Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To successfully exploit this remote code execution vulnerability, an attacker could send a malicious logon request to the target domain controller.</p>
<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>
Microsoft Digest Authentication
Microsoft
Yes
CVE-2025-21369
Heap-based Buffer Overflow
Integer Overflow or Wraparound
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
<a href="https://twitter.com/guhe120">Yuki Chen</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft Streaming Service
Microsoft
Yes
CVE-2025-21375
Improper Input Validation
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
<a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An unauthenticated attacker could send a specially crafted request to a vulnerable LDAP server. Successful exploitation could result in a buffer overflow which could be leveraged to achieve remote code execution.</p>
Windows LDAP - Lightweight Directory Access Protocol
Microsoft
Yes
CVE-2025-21376
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Integer Underflow (Wrap or Wraparound)
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Critical
11568
Critical
11569
Critical
11571
Critical
11572
Critical
11923
Critical
11924
Critical
11929
Critical
11930
Critical
11931
Critical
12085
Critical
12086
Critical
12097
Critical
12098
Critical
12099
Critical
12437
Critical
12242
Critical
12243
Critical
12244
Critical
12389
Critical
12390
Critical
12436
Critical
10729
Critical
10735
Critical
10852
Critical
10853
Critical
10816
Critical
10855
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.1
7.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
Anonymous
1.0
2025-02-11T08:00:00
<p>Information published.</p>
DHCP Client Service Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p>
<p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p>
<p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p>
Windows DHCP Server
Microsoft
Yes
CVE-2025-21379
Use After Free
12437
12389
12390
12436
Remote Code Execution
12437
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Critical
12437
Critical
12389
Critical
12390
Critical
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
Milan Justel with Microsoft
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Excel Information Disclosure Vulnerability
<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-21383
Out-of-bounds Read
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Information Disclosure
11573
Information Disclosure
11574
Information Disclosure
11762
Information Disclosure
11763
Information Disclosure
11951
Information Disclosure
11952
Information Disclosure
11953
Information Disclosure
12420
Information Disclosure
12421
Information Disclosure
12440
Information Disclosure
10739
Information Disclosure
10740
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.94.25020927
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002179
https://www.microsoft.com/download/details.aspx?familyid=ea71801b-daaa-4a46-8d4c-0858066c1043
3118335
10739
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/kb/5002179
10739
5002179
5002179
https://www.microsoft.com/download/details.aspx?familyid=8a8589d6-c63a-4f1b-9f08-f8af2fce777f
3118335
10740
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/kb/5002179
10740
5002179
F4
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Resilient File System (ReFS) Deduplication Service
Microsoft
Yes
CVE-2025-21182
Double Free
12437
12389
12390
12436
Elevation of Privilege
12437
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
12437
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
<a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a>
<a href="https://linkedin.com/in/kdj-abysslab">Dongjun Kim (smlijun)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Resilient File System (ReFS) Deduplication Service
Microsoft
Yes
CVE-2025-21183
Double Free
12437
12389
12390
12436
Elevation of Privilege
12437
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
12437
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.4
6.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
<a href="https://linkedin.com/in/jongseongkim">Jongseong Kim (nevul37)</a> with <a href="https://enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a>
<a href="https://linkedin.com/in/kdj-abysslab">Dongjun Kim (smlijun)</a> with <a href="https://www.enki.co.kr/">Ajou University, and working at ENKI WhiteHat</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Storage Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker would be able to delete targeted files on a system.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), but could lead to major loss on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p>
Windows Storage
Microsoft
Yes
CVE-2025-21391
Improper Link Resolution Before File Access ('Link Following')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11568
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11569
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11571
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11572
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11923
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11924
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11929
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11930
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11931
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12085
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12086
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12097
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12098
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12099
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12437
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12242
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12243
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12244
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12389
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12390
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12436
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10729
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10735
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10852
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10853
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10816
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10855
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Ancillary Function Driver for WinSock
Microsoft
Yes
CVE-2025-21418
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11568
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11569
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11571
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11572
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11923
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11924
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11929
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11930
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
11931
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12085
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12086
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12097
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12098
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12099
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12437
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12242
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12243
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12244
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12389
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12390
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
12436
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10729
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10735
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10852
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10853
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10816
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10855
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9312
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10287
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9318
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
9344
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10051
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10049
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10378
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10379
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10483
7.8
7.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
Anonymous
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Setup Files Cleanup Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), but could lead to major loss on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker would be able to delete targeted files on a system.</p>
Windows Setup Files Cleanup
Microsoft
Yes
CVE-2025-21419
Improper Link Resolution Before File Access ('Link Following')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11568
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11569
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11571
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11572
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11923
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11924
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11929
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11930
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
11931
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12085
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12086
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12097
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12098
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12099
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12437
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12242
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12243
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12244
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12389
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12390
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
12436
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10729
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10735
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10852
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10853
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10816
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10855
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10051
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10049
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10378
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10379
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10483
7.1
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Disk Cleanup Tool
Microsoft
Yes
CVE-2025-21420
Improper Link Resolution Before File Access ('Link Following')
11924
11923
11572
11931
11930
12085
12086
11571
12098
12097
11568
11929
12099
11569
12437
12242
12243
12244
12436
10729
12390
12389
10735
10816
10852
10855
10853
10483
10379
10378
10543
Elevation of Privilege
11924
Elevation of Privilege
11923
Elevation of Privilege
11572
Elevation of Privilege
11931
Elevation of Privilege
11930
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
11571
Elevation of Privilege
12098
Elevation of Privilege
12097
Elevation of Privilege
11568
Elevation of Privilege
11929
Elevation of Privilege
12099
Elevation of Privilege
11569
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
12390
Elevation of Privilege
12389
Elevation of Privilege
10735
Elevation of Privilege
10816
Elevation of Privilege
10852
Elevation of Privilege
10855
Elevation of Privilege
10853
Elevation of Privilege
10483
Elevation of Privilege
10379
Elevation of Privilege
10378
Elevation of Privilege
10543
Important
11924
Important
11923
Important
11572
Important
11931
Important
11930
Important
12085
Important
12086
Important
11571
Important
12098
Important
12097
Important
11568
Important
11929
Important
12099
Important
11569
Important
12437
Important
12242
Important
12243
Important
12244
Important
12436
Important
10729
Important
12390
Important
12389
Important
10735
Important
10816
Important
10852
Important
10855
Important
10853
Important
10483
Important
10379
Important
10378
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11924
11923
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11924
11923
5051979
5051979
https://support.microsoft.com/help/5051979
11924
11923
5052106
11924
11923
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11924
11923
5052106
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11572
11571
11568
11569
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11572
11571
11568
11569
5052000
5052000
https://support.microsoft.com/help/5052000
11572
11571
11568
11569
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11931
11930
11929
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11931
11930
11929
5051974
5051974
https://support.microsoft.com/help/5051974
11931
11930
12098
12097
11929
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12098
12097
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12098
12097
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12436
12390
12389
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12436
12390
12389
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12436
12390
12389
5052105
12437
12436
12390
12389
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12436
12390
12389
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10816
10852
10855
10853
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10816
10852
10855
10853
5052006
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10379
10378
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10379
10378
5052020
1.0
2025-02-11T08:00:00
<p>Information published.</p>
HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2023-32002
https://nvd.nist.gov/vuln/detail/CVE-2023-32002
https://nvd.nist.gov/vuln/detail/CVE-2023-32002
https://nvd.nist.gov/vuln/detail/CVE-2023-32002
<p><strong>Why is this HackerOne CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Node.js software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p>
Open Source Software
HackerOne
Yes
CVE-2023-32002
11935
12139
12140
Remote Code Execution
11935
12139
12140
Important
11935
12139
12140
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
Release Notes
https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11
11935
Maybe
Security Update
16.11.44
https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11
11935
Release Notes
nodejs
12139
nodejs-16.20.2-2.cm2.x86_64.rpm
0001-01-01T00:00:00
nodejs-devel-16.20.2-2.cm2.x86_64.rpm
0001-01-01T00:00:00
nodejs-debuginfo-16.20.2-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
16.20.2-2
https://nvd.nist.gov/vuln/detail/CVE-2023-32002
12139
nodejs
nodejs18
12139
nodejs18-18.17.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
nodejs18-devel-18.17.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
nodejs18-debuginfo-18.17.1-2.cm2.x86_64.rpm
0001-01-01T00:00:00
CBL-Mariner
18.17.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-32002
12139
nodejs18
nodejs
12140
nodejs-16.20.2-2.cm2.aarch64.rpm
0001-01-01T00:00:00
nodejs-devel-16.20.2-2.cm2.aarch64.rpm
0001-01-01T00:00:00
nodejs-debuginfo-16.20.2-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
16.20.2-2
https://nvd.nist.gov/vuln/detail/CVE-2023-32002
12140
nodejs
nodejs18
12140
nodejs18-18.17.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
nodejs18-devel-18.17.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
nodejs18-debuginfo-18.17.1-2.cm2.aarch64.rpm
0001-01-01T00:00:00
CBL-Mariner
18.17.1-2
https://nvd.nist.gov/vuln/detail/CVE-2023-32002
12140
nodejs18
Anonymous
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker who successfully exploits this vulnerability could elevate their privileges to perform commands as Root in the target environment.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
<p><strong>Why is update 4.78 for Microsoft AutoUpdate for Mac not available for download?</strong></p>
<p>Security update for Microsoft AutoUpdate 4.78 is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.</p>
Microsoft AutoUpdate (MAU)
Microsoft
Yes
CVE-2025-24036
Time-of-check Time-of-use (TOCTOU) Race Condition
10949
Elevation of Privilege
10949
Important
10949
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10949
Release Notes
https://officecdnmac.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/Microsoft_AutoUpdate_4.78.25022527_Updater.pkg
10949
Maybe
Security Update
4.78.25022527
https://learn.microsoft.com/en-us/officeupdates/release-history-microsoft-autoupdate
10949
Release Notes
Stéphane Emma with POST Luxembourg
1.0
2025-02-11T08:00:00
<p>Information published.</p>
2.0
2025-03-11T07:00:00
<p>To comprehensively address CVE-2025-24036, Microsoft has released a security update on March 11, 2025 for Microsoft AutoUpdate for Mac. Microsoft recommends that customers install the update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p>
3.0
2025-04-08T07:00:00
<p>The security update for Microsoft AutoUpdate for Mac is now available. See the Security Updates table for more information.</p>
2.1
2025-03-11T07:00:00
<p>Added an FAQ. This is an information change only.</p>
Visual Studio Code Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>The attacker would gain the rights of the user that is running the affected application.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker with standard user privileges could place a malicious file on the Visual Code server and then wait for the privileged victim to run the server.</p>
Visual Studio Code
Microsoft
Yes
CVE-2025-24039
Uncontrolled Search Path Element
11622
Elevation of Privilege
11622
Important
11622
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11622
Release Notes
https://code.visualstudio.com/download
11622
Maybe
Security Update
1.97.1
https://code.visualstudio.com/updates/v1_97
11622
Release Notes
<a href="https://github.com/ycdxsb">ycdxsb</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Outlook Spoofing Vulnerability
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p>
<p>An attacker's message can inherit the sender's email address from another message in the UI. The attacker cannot control which message it inherits from. This issue occurs exclusively for messages in the Junk folder, as it is the only folder where the app displays the sender's email address. The attacker cannot affect confidentiality or availability.</p>
Outlook for Android
Microsoft
Yes
CVE-2025-21259
User Interface (UI) Misrepresentation of Critical Information
10685
Spoofing
10685
Important
10685
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.3
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
10685
Release Notes
https://play.google.com/store/apps/details/Microsoft_Outlook?id=com.microsoft.office.outlook&hl=en_US&pli=1
10685
Yes
Security Update
4.2501.1
https://learn.microsoft.com/en-us/officeupdates/release-notes-outlook-mobile
10685
Release Notes
Jérémie Fréreault
Jérémie Fréreault
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability
<p>Server-side request forgery (ssrf) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Dynamics 365 Sales
Microsoft
No
CVE-2025-21177
Server-Side Request Forgery (SSRF)
11958
Elevation of Privilege
11958
Critical
11958
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
8.7
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
11958
<a href="https://x.com/nmdhkr">Brad Schlintz (nmdhkr)</a>
1.0
2025-02-06T08:00:00
<p>Information published.</p>
Chromium: CVE-2025-0444 Use after free in Skia
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.51</td>
<td>2/6/2025</td>
<td>133.0.6943.53/54</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-0444
11655
11655
11655
Release Notes
11655
No
Security Update
133.0.3065.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-02-06T08:00:08
<p>Information published.</p>
Chromium: CVE-2025-0445 Use after free in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.51</td>
<td>2/6/2025</td>
<td>133.0.6943.53/54</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-0445
11655
11655
11655
Release Notes
11655
No
Security Update
133.0.3065.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-02-06T08:00:13
<p>Information published.</p>
Chromium: CVE-2025-0451 Inappropriate implementation in Extensions API
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.51</td>
<td>2/6/2025</td>
<td>133.0.6943.53/54</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-0451
11655
11655
11655
Release Notes
11655
No
Security Update
133.0.3065.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-02-06T08:00:16
<p>Information published.</p>
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality), make changes to disclosed information (Integrity), and they might be able to force a crash within the browser tab (Availability).</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.51</td>
<td>2/6/2025</td>
<td>133.0.6943.53/54</td>
</tr>
</tbody>
</table>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-21342
Access of Resource Using Incompatible Type ('Type Confusion')
11655
Remote Code Execution
11655
Important
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
133.0.3065.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
<a href="https://x.com/eternalsakura13">Nan Wang(@eternalsakura13)</a>
1.0
2025-02-06T08:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Spoofing Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.51</td>
<td>2/6/2025</td>
<td>133.0.6943.53/54</td>
</tr>
</tbody>
</table>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?</strong></p>
<p>An attacker is only able to compromise files that they were allowed access to as part of their initial privilege but cannot affect the availability of the browser.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-21267
Improperly Implemented Security Check for Standard
11655
Spoofing
11655
Low
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
4.4
4.0
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
133.0.3065.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
<a href="https://www.x.com/mdakh404_">MOAAD AKHRAZ</a>
1.0
2025-02-06T08:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.51</td>
<td>2/6/2025</td>
<td>133.0.6943.53/54</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-21279
Access of Resource Using Incompatible Type ('Type Confusion')
11655
Remote Code Execution
11655
Important
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
6.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RC:C
11655
Release Notes
11655
No
Security Update
133.0.3065.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
<a href="https://x.com/eternalsakura13">Nan Wang(@eternalsakura13)</a>
1.0
2025-02-06T08:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.51</td>
<td>2/6/2025</td>
<td>133.0.6943.53/54</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-21283
Insufficient Granularity of Address Regions Protected by Register Locks
11655
Remote Code Execution
11655
Important
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
6.5
5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
133.0.3065.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
<a href="https://x.com/eternalsakura13">Nan Wang(@eternalsakura13)</a>
1.0
2025-02-06T08:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Spoofing Vulnerability
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.51</td>
<td>2/6/2025</td>
<td>133.0.6943.53/54</td>
</tr>
</tbody>
</table>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p>
<p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-21404
The UI Performs the Wrong Action
11655
Spoofing
11655
Low
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
4.3
3.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
133.0.3065.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
Simon Zuckerbraun and Peter Girnus of Trend Micro Zero Day Initiative
1.0
2025-02-06T08:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.51</td>
<td>2/6/2025</td>
<td>133.0.6943.53/54</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-21408
Access of Resource Using Incompatible Type ('Type Confusion')
11655
Remote Code Execution
11655
Important
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
133.0.3065.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
<a href="https://x.com/eternalsakura13">Nan Wang(@eternalsakura13)</a>
1.0
2025-02-06T08:00:00
<p>Information published.</p>
Microsoft Edge for IOS and Android Spoofing Vulnerability
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.51</td>
<td>2/6/2025</td>
<td>133.0.6943.53/54</td>
</tr>
</tbody>
</table>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>
Microsoft Edge for iOS and Android
Microsoft
Yes
CVE-2025-21253
User Interface (UI) Misrepresentation of Critical Information
11815
11966
Spoofing
11815
Spoofing
11966
Moderate
11815
Moderate
11966
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
5.3
4.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
11815
5.3
4.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
11966
Release Notes
11815
11966
No
Security Update
133.0.3065.51
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11815
11966
Release Notes
<a href="https://twitter.com/renwax23">Renwa (@RenwaX23)</a>
1.0
2025-02-06T08:00:00
<p>Information published.</p>
Microsoft Surface Security Feature Bypass Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token.</p>
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine. On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Successful exploitation of this vulnerability by an attacker requires a user to first reboot their machine.</p>
<p><strong>What actions do customers need to perform to be protected against this vulnerability?</strong></p>
<p>Surface devices get updates through Windows Update. See <a href="https://support.microsoft.com/en-us/surface/surface-update-history-6036fff5-edec-c8ec-9796-a5633aac9488">Surface update history</a> for more information.</p>
<p>If you wish to install the updates manually, you can do the following:</p>
<ol>
<li>In the Surface app, expand <strong>Help & support</strong> to check the update status.</li>
<li>If there are updates available, select the <strong>Check for updates</strong> button to open Windows Update and install the available updates.</li>
</ol>
Microsoft Surface
Microsoft
Yes
CVE-2025-21194
Improper Input Validation
12487
12492
12494
12489
12495
12483
12490
12486
12491
12482
12488
12484
12485
12496
11739
Security Feature Bypass
12487
Security Feature Bypass
12492
Security Feature Bypass
12494
Security Feature Bypass
12489
Security Feature Bypass
12495
Security Feature Bypass
12483
Security Feature Bypass
12490
Security Feature Bypass
12486
Security Feature Bypass
12491
Security Feature Bypass
12482
Security Feature Bypass
12488
Security Feature Bypass
12484
Security Feature Bypass
12485
Security Feature Bypass
12496
Security Feature Bypass
11739
Important
12487
Important
12492
Important
12494
Important
12489
Important
12495
Important
12483
Important
12490
Important
12486
Important
12491
Important
12482
Important
12488
Important
12484
Important
12485
Important
12496
Important
11739
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12487
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12492
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12494
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12489
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12495
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12483
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12490
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12486
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12491
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12482
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12488
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12484
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12485
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12496
7.1
6.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11739
Francisco Falcón and Iván Arce of <a href="https://www.quarkslab.com/">Quarkslab</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-21208
Heap-based Buffer Overflow
11571
11572
11923
11924
12437
12244
12436
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
12437
Remote Code Execution
12244
Remote Code Execution
12436
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11571
Important
11572
Important
11923
Important
11924
Important
12437
Important
12244
Important
12436
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12436
5052105
12437
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12436
5052105
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
Anonymous
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Telephony Service Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
Windows Telephony Service
Microsoft
Yes
CVE-2025-21406
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
Anonymous
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Telephony Service Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
Windows Telephony Service
Microsoft
Yes
CVE-2025-21407
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
Anonymous
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
Windows Routing and Remote Access Service (RRAS)
Microsoft
Yes
CVE-2025-21410
Heap-based Buffer Overflow
11571
11572
11923
11924
12437
12244
12436
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
12437
Remote Code Execution
12244
Remote Code Execution
12436
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11571
Important
11572
Important
11923
Important
11924
Important
12437
Important
12244
Important
12436
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12436
5052105
12437
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12436
5052105
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
Nirmala Nawale with Microsoft
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Telephony Service Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
Windows Telephony Service
Microsoft
Yes
CVE-2025-21190
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
Anonymous
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Telephony Service Remote Code Execution Vulnerability
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
Windows Telephony Service
Microsoft
Yes
CVE-2025-21200
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
Anonymous
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Telephony Server Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
Windows Telephony Server
Microsoft
Yes
CVE-2025-21201
Double Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
Anonymous
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A) and privileges required are low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>Multiple networking topologies are available to connect High Performance Compute (HPC) resources which are reliant upon intra-nets or private networks and do not expose HPC resources to the public internet regardless of implementation. An attacker must have access to the network connecting the targeted clusters and nodes (PR:L) and must send a specially crafted HTTPS request to the head node (AV:A) to successfully exploit this vulnerability.</p>
<p>For more information on how HPC resources can be connected, please reference this documentation regarding <a href="https://learn.microsoft.com/en-us/powershell/high-performance-computing/understanding-hpc-cluster-network-topologies?view=hpc19-ps#BKMK_Networks">Understanding HPC Cluster Network Topologies</a>.</p>
<p><strong>According to the CVSS metric, the scope is changed (S:C). What does that mean for this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by sending a specially crafted HTTPS request to the targeted head node or Linux compute node granting them the ability to perform RCE on other clusters or nodes connected to the targeted head node.</p>
Microsoft High Performance Compute Pack (HPC) Linux Node Agent
Microsoft
Yes
CVE-2025-21198
Missing Authentication for Critical Function
12455
12454
Remote Code Execution
12455
Remote Code Execution
12454
Important
12455
Important
12454
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
9.0
7.8
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12455
9.0
7.8
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
12454
Release Notes
https://go.microsoft.com/fwlink/?linkid=2303840
12455
Maybe
Security Update
6.3.8328.0
https://learn.microsoft.com/en-us/powershell/high-performance-computing/release-notes-for-hpc-pack-2019-update-3?view=hpc19-ps
12455
Release Notes
Release Notes
https://go.microsoft.com/fwlink/?linkid=2303840
12454
Maybe
Security Update
2016.3
https://learn.microsoft.com/en-us/powershell/high-performance-computing/release-notes-for-hpc-pack-2016-update-3?view=hpc16-ps
12454
Release Notes
Anonymous
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows NTFS Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>An attacker would only be able to list folder contents and not gain system privileges.</p>
Microsoft Windows
Microsoft
Yes
CVE-2025-21337
Improper Access Control
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12242
12243
12244
12389
12390
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
12436
12437
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Elevation of Privilege
12436
Elevation of Privilege
12437
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Important
12436
Important
12437
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11568
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11569
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11571
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11572
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11923
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11924
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11929
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11930
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
11931
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12085
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12086
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12097
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12098
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12099
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12242
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12243
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12244
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12389
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12390
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10729
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10735
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10852
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10853
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10816
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10855
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
9312
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10287
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
9318
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
9344
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10051
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10049
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10378
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10379
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10483
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
10543
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12436
3.3
2.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
12437
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12389
12390
12436
12437
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12389
12390
12436
12437
5051987
5051987
https://support.microsoft.com/help/5051987
12389
12390
12436
12437
5052105
12389
12390
12436
12437
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12389
12390
12436
12437
5052105
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
hazard
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Deployment Services Denial of Service Vulnerability
<p><strong>According to the CVSS metrics, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authenticated attacker would need to perform specific actions on a vulnerable system, then convince another user on that system to interact with the Windows Deployment Services functionality.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), but could lead to major loss on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>An attacker who successfully exploits this vulnerability cannot access files but can overwrite their contents and potentially cause the service to become unavailable.</p>
Windows Update Stack
Microsoft
Yes
CVE-2025-21347
Improper Link Resolution Before File Access ('Link Following')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11568
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11569
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11571
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11572
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11923
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11924
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11929
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11930
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
11931
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12085
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12086
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12097
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12098
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12099
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12437
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12242
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12243
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12244
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12389
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12390
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
12436
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10729
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10735
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10852
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10853
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10816
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10855
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10378
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10379
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10483
6.0
5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
<a href="https://twitter.com/crispr56338851">BochengXiang(@Crispr)</a> with <a href="https://secsys.fudan.edu.cn/">FDU</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Remote Desktop Configuration Service Tampering Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p>
<p>An unauthorized attacker must wait for a user to initiate a connection.</p>
Windows Remote Desktop Services
Microsoft
Yes
CVE-2025-21349
Improper Authentication
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Tampering
11568
Tampering
11569
Tampering
11571
Tampering
11572
Tampering
11923
Tampering
11924
Tampering
11929
Tampering
11930
Tampering
11931
Tampering
12085
Tampering
12086
Tampering
12097
Tampering
12098
Tampering
12099
Tampering
12437
Tampering
12242
Tampering
12243
Tampering
12244
Tampering
12389
Tampering
12390
Tampering
12436
Tampering
10729
Tampering
10735
Tampering
10852
Tampering
10853
Tampering
10816
Tampering
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11568
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11569
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11571
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11572
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11923
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11924
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11929
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11930
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
11931
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12085
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12086
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12097
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12098
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12099
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12437
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12242
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12243
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12244
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12389
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12390
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
12436
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10729
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10735
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10852
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10853
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10816
6.8
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
10855
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
Philemon Orphee Favrod with Microsoft
Josh Watson with Microsoft
Ray Reskusich with Microsoft
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Kerberos Denial of Service Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p>
Windows Kerberos
Microsoft
Yes
CVE-2025-21350
Improper Input Validation
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
5.9
5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
Anonymous
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Core Messaging Elevation of Privileges Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows CoreMessaging
Microsoft
Yes
CVE-2025-21358
Untrusted Pointer Dereference
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
YanZiShuang@BigCJTeam of cyberkl
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Kernel Security Feature Bypass Vulnerability
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An authenticated attacker who successfully exploits the vulnerability could bypass the AdminLess security feature.</p>
Windows Kernel
Microsoft
Yes
CVE-2025-21359
Improper Access Control
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Security Feature Bypass
11568
Security Feature Bypass
11569
Security Feature Bypass
11571
Security Feature Bypass
11572
Security Feature Bypass
11923
Security Feature Bypass
11924
Security Feature Bypass
11929
Security Feature Bypass
11930
Security Feature Bypass
11931
Security Feature Bypass
12085
Security Feature Bypass
12086
Security Feature Bypass
12097
Security Feature Bypass
12098
Security Feature Bypass
12099
Security Feature Bypass
12437
Security Feature Bypass
12242
Security Feature Bypass
12243
Security Feature Bypass
12244
Security Feature Bypass
12389
Security Feature Bypass
12390
Security Feature Bypass
12436
Security Feature Bypass
10729
Security Feature Bypass
10735
Security Feature Bypass
10852
Security Feature Bypass
10853
Security Feature Bypass
10816
Security Feature Bypass
10855
Security Feature Bypass
9312
Security Feature Bypass
10287
Security Feature Bypass
9318
Security Feature Bypass
9344
Security Feature Bypass
10051
Security Feature Bypass
10049
Security Feature Bypass
10378
Security Feature Bypass
10379
Security Feature Bypass
10483
Security Feature Bypass
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
hazard
Varun Goel from Microsoft
MORSE
1.0
2025-02-11T08:00:00
<p>Information published.</p>
1.1
2025-02-14T08:00:00
<p>Updated FAQ information. This is an informational change only.</p>
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Win32 Kernel Subsystem
Microsoft
Yes
CVE-2025-21367
Use After Free
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
Devin Jensen with Microsoft
Benjamin Rodes from Microsoft
<a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities & Mitigations
Devin Jensen with Microsoft
1.0
2025-02-11T08:00:00
<p>Information published.</p>
1.1
2025-12-17T08:00:00
<p>Added an acknowledgement. This is an informational change only.</p>
Windows Telephony Service Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p>
Windows Telephony Service
Microsoft
Yes
CVE-2025-21371
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Remote Code Execution
11568
Remote Code Execution
11569
Remote Code Execution
11571
Remote Code Execution
11572
Remote Code Execution
11923
Remote Code Execution
11924
Remote Code Execution
11929
Remote Code Execution
11930
Remote Code Execution
11931
Remote Code Execution
12085
Remote Code Execution
12086
Remote Code Execution
12097
Remote Code Execution
12098
Remote Code Execution
12099
Remote Code Execution
12437
Remote Code Execution
12242
Remote Code Execution
12243
Remote Code Execution
12244
Remote Code Execution
12389
Remote Code Execution
12390
Remote Code Execution
12436
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10852
Remote Code Execution
10853
Remote Code Execution
10816
Remote Code Execution
10855
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
8.8
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
Anonymous
1.0
2025-02-11T08:00:00
<p>Information published.</p>
NTLM Hash Disclosure Spoofing Vulnerability
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H). What does that mean for this vulnerability?</strong></p>
<p>This vulnerability discloses a user's NTLMv2 hash to the attacker who could use this to authenticate as the user.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability.</p>
<p><strong>The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 R2?</strong></p>
<p>While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.</p>
<p>To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.</p>
Windows NTLM
Microsoft
Yes
CVE-2025-21377
External Control of File Name or Path
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Spoofing
11568
Spoofing
11569
Spoofing
11571
Spoofing
11572
Spoofing
11923
Spoofing
11924
Spoofing
11929
Spoofing
11930
Spoofing
11931
Spoofing
12085
Spoofing
12086
Spoofing
12097
Spoofing
12098
Spoofing
12099
Spoofing
12437
Spoofing
12242
Spoofing
12243
Spoofing
12244
Spoofing
12389
Spoofing
12390
Spoofing
12436
Spoofing
10729
Spoofing
10735
Spoofing
10852
Spoofing
10853
Spoofing
10816
Spoofing
10855
Spoofing
9312
Spoofing
10287
Spoofing
9318
Spoofing
9344
Spoofing
10051
Spoofing
10049
Spoofing
10378
Spoofing
10379
Spoofing
10483
Spoofing
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11568
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11569
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11571
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11572
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11923
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11924
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11929
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11930
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
11931
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12085
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12086
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12097
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12098
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12099
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12437
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12242
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12243
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12244
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12389
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12390
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
12436
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10729
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10735
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10852
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10853
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10816
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10855
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
9312
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10287
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
9318
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
9344
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10051
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10049
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10378
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10379
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10483
6.5
6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5051972
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051972
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Yes
IE Cumulative
1
https://support.microsoft.com/help/5051972
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
5051972
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
Blaz Satler with <a href="https://0patch.com/">0patch by ACROS Security</a>
Yorick Koster of <a href="https://www.securify.nl/en/">Securify B.V. </a>
Vincent Yau with Cathay Pacific
Ivan Sheung with Cathay Pacific
Owen Cheung with Cathay Pacific
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-21381
Untrusted Pointer Dereference
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Critical
10836
Critical
11573
Critical
11574
Critical
11762
Critical
11763
Critical
11951
Critical
11952
Critical
11953
Critical
12420
Critical
12421
Critical
12440
Critical
10739
Critical
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002679
https://www.microsoft.com/download/details.aspx?familyid=59a7cbbb-6f06-45f7-86b0-60579f8f0da4
5002677
10836
Maybe
Security Update
16.0.10416.20058
https://support.microsoft.com/help/5002679
10836
5002679
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.94.25020927
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002687
https://www.microsoft.com/download/details.aspx?familyid=bfdbb364-068f-4148-8e94-312c1a13636e
5002673
10739
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002687
10739
5002687
5002687
https://www.microsoft.com/download/details.aspx?familyid=747b0e2c-b3ec-4620-bafe-82ae03866a29
5002673
10740
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002687
10740
5002687
0x140ce(Peace & Love)
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-21386
Use After Free
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002679
https://www.microsoft.com/download/details.aspx?familyid=59a7cbbb-6f06-45f7-86b0-60579f8f0da4
5002677
10836
Maybe
Security Update
16.0.10416.20058
https://support.microsoft.com/help/5002679
10836
5002679
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.94.25020927
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002687
https://www.microsoft.com/download/details.aspx?familyid=bfdbb364-068f-4148-8e94-312c1a13636e
5002673
10739
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002687
10739
5002687
5002687
https://www.microsoft.com/download/details.aspx?familyid=747b0e2c-b3ec-4620-bafe-82ae03866a29
5002673
10740
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002687
10740
5002687
cdbb6164ddfda2b210fd348442322115
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-21387
Use After Free
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002679
https://www.microsoft.com/download/details.aspx?familyid=59a7cbbb-6f06-45f7-86b0-60579f8f0da4
5002677
10836
Maybe
Security Update
16.0.10416.20058
https://support.microsoft.com/help/5002679
10836
5002679
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.94.25020927
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002687
https://www.microsoft.com/download/details.aspx?familyid=bfdbb364-068f-4148-8e94-312c1a13636e
5002673
10739
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002687
10739
5002687
5002684
https://www.microsoft.com/download/details.aspx?familyid=b0fc33a5-c00d-4850-a352-ef164eed0399
5002595
10739
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002684
10739
5002684
5002687
https://www.microsoft.com/download/details.aspx?familyid=747b0e2c-b3ec-4620-bafe-82ae03866a29
5002673
10740
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002687
10740
5002687
5002684
https://www.microsoft.com/download/details.aspx?familyid=130d567d-ea7f-41f3-ad52-6e245c360303
5002595
10740
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002684
10740
5002684
f4
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p>
<p><strong>How could an attacker exploit this vulnerability?</strong></p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p>
<p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-21390
Heap-based Buffer Overflow
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002679
https://www.microsoft.com/download/details.aspx?familyid=59a7cbbb-6f06-45f7-86b0-60579f8f0da4
5002677
10836
Maybe
Security Update
16.0.10416.20058
https://support.microsoft.com/help/5002679
10836
5002679
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.94.25020927
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002687
https://www.microsoft.com/download/details.aspx?familyid=bfdbb364-068f-4148-8e94-312c1a13636e
5002673
10739
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002687
10739
5002687
5002179
https://www.microsoft.com/download/details.aspx?familyid=ea71801b-daaa-4a46-8d4c-0858066c1043
3118335
10739
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/kb/5002179
10739
5002179
5002687
https://www.microsoft.com/download/details.aspx?familyid=747b0e2c-b3ec-4620-bafe-82ae03866a29
5002673
10740
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002687
10740
5002687
5002179
https://www.microsoft.com/download/details.aspx?familyid=8a8589d6-c63a-4f1b-9f08-f8af2fce777f
3118335
10740
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/kb/5002179
10740
5002179
Anonymous
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-21392
Use After Free
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10753
10754
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10753
Remote Code Execution
10754
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10753
Important
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10753
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10754
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.94.25020927
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002686
https://www.microsoft.com/download/details.aspx?familyid=35e9577e-4bcb-442d-a941-2b0aa2ffdd33
5002675
10753
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002686
10753
5002686
5002686
https://www.microsoft.com/download/details.aspx?familyid=702ba983-2d2e-4c45-ba38-36e3625baabe
5002675
10754
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002686
10754
5002686
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Excel Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>Yes, the Preview Pane is an attack vector.</p>
Microsoft Office Excel
Microsoft
Yes
CVE-2025-21394
Use After Free
10836
11573
11574
11762
11763
11951
11952
11953
12420
12421
12440
10739
10740
Remote Code Execution
10836
Remote Code Execution
11573
Remote Code Execution
11574
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11951
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Remote Code Execution
12440
Remote Code Execution
10739
Remote Code Execution
10740
Important
10836
Important
11573
Important
11574
Important
11762
Important
11763
Important
11951
Important
11952
Important
11953
Important
12420
Important
12421
Important
12440
Important
10739
Important
10740
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10836
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11573
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11574
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11951
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12440
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10739
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10740
5002679
https://www.microsoft.com/download/details.aspx?familyid=59a7cbbb-6f06-45f7-86b0-60579f8f0da4
5002677
10836
Maybe
Security Update
16.0.10416.20058
https://support.microsoft.com/help/5002679
10836
5002679
Click to Run
11573
11574
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
11573
11574
11762
11763
11952
11953
12420
12421
Click to Run
Release Notes
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Maybe
Security Update
16.94.25020927
https://go.microsoft.com/fwlink/p/?linkid=831049
11951
12440
Release Notes
5002687
https://www.microsoft.com/download/details.aspx?familyid=bfdbb364-068f-4148-8e94-312c1a13636e
5002673
10739
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002687
10739
5002687
5002687
https://www.microsoft.com/download/details.aspx?familyid=747b0e2c-b3ec-4620-bafe-82ae03866a29
5002673
10740
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002687
10740
5002687
0x140ce(Peace & Love)
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p>
<p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p>
<p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p>
<p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p>
<p>No, the Preview Pane is not an attack vector.</p>
Microsoft Office
Microsoft
Yes
CVE-2025-21397
Use After Free
11762
11763
11952
11953
12420
12421
Remote Code Execution
11762
Remote Code Execution
11763
Remote Code Execution
11952
Remote Code Execution
11953
Remote Code Execution
12420
Remote Code Execution
12421
Important
11762
Important
11763
Important
11952
Important
11953
Important
12420
Important
12421
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11762
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11763
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11952
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11953
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12420
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12421
Click to Run
11762
11763
11952
11953
12420
12421
No
Security Update
https://aka.ms/OfficeSecurityReleases
https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates
11762
11763
11952
11953
12420
12421
Click to Run
Haifei Li with <a href="https://pub.expmon.com/">EXPMON</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft SharePoint Server Remote Code Execution Vulnerability
<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p>
<p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p>
<p><strong>How could an attacker exploit the vulnerability?</strong></p>
<p>In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.</p>
Microsoft Office SharePoint
Microsoft
Yes
CVE-2025-21400
Improper Authorization
10950
11585
11961
Remote Code Execution
10950
Remote Code Execution
11585
Remote Code Execution
11961
Important
10950
Important
11585
Important
11961
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10950
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11585
8.0
7.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11961
5002685
https://www.microsoft.com/download/details.aspx?familyid=46fe26d2-4dab-4891-97dc-80aa5585c8ee
5002672
10950
Maybe
Security Update
16.0.5487.1000
https://support.microsoft.com/help/5002685
10950
5002685
5002678
https://www.microsoft.com/download/details.aspx?familyid=84541f0e-3f75-46d9-a960-91158440a0a9
5002666
11585
Maybe
Security Update
16.0.10416.20050
https://support.microsoft.com/help/5002678
11585
5002678
5002681
https://www.microsoft.com/download/details.aspx?familyid=7bfaaf49-deb5-403a-93af-1e00b622ea0e
5002676
11961
Maybe
Security Update
16.0.17928.20396
https://support.microsoft.com/help/5002681
11961
5002681
cjm00n with Cyber Kunlun & Zhiniang Peng
1.0
2025-02-11T08:00:00
<p>Information published.</p>
DHCP Client Service Denial of Service Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p>
<p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p>
<p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p>
Windows DHCP Client
Microsoft
Yes
CVE-2025-21179
Out-of-bounds Read
12437
12389
12390
12436
Denial of Service
12437
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Important
12437
Important
12389
Important
12390
Important
12436
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
4.8
4.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
4.8
4.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
4.8
4.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
4.8
4.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
Milan Justel with Microsoft
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>An attacker can send specially crafted messages to the MSMQ service, which could affect availability of the service and result in Denial of Service (DoS).</p>
Windows Message Queuing
Microsoft
Yes
CVE-2025-21181
Uncontrolled Resource Consumption
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10729
Denial of Service
10735
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Denial of Service
9312
Denial of Service
10287
Denial of Service
9318
Denial of Service
9344
Denial of Service
10051
Denial of Service
10049
Denial of Service
10378
Denial of Service
10379
Denial of Service
10483
Denial of Service
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10729
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10735
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9312
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10287
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9318
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
9344
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10051
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10049
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10378
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10379
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10483
7.5
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
<a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Core Messaging Elevation of Privileges Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows CoreMessaging
Microsoft
Yes
CVE-2025-21184
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
YanZiShuang@BigCJTeam of cyberkl
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Internet Connection Sharing (ICS) Denial of Service Vulnerability
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p>
<p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p>
<p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p>
Windows Internet Connection Sharing (ICS)
Microsoft
Yes
CVE-2025-21212
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Internet Connection Sharing (ICS) Denial of Service Vulnerability
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p>
<p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p>
<p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p>
Windows Internet Connection Sharing (ICS)
Microsoft
Yes
CVE-2025-21216
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Internet Connection Sharing (ICS) Denial of Service Vulnerability
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?</strong></p>
<p>An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).</p>
Windows Internet Connection Sharing (ICS)
Microsoft
Yes
CVE-2025-21254
Out-of-bounds Read
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10852
10853
10816
10855
Denial of Service
11568
Denial of Service
11569
Denial of Service
11571
Denial of Service
11572
Denial of Service
11923
Denial of Service
11924
Denial of Service
11929
Denial of Service
11930
Denial of Service
11931
Denial of Service
12085
Denial of Service
12086
Denial of Service
12097
Denial of Service
12098
Denial of Service
12099
Denial of Service
12437
Denial of Service
12242
Denial of Service
12243
Denial of Service
12244
Denial of Service
12389
Denial of Service
12390
Denial of Service
12436
Denial of Service
10852
Denial of Service
10853
Denial of Service
10816
Denial of Service
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11568
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11569
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11571
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11572
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11923
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11924
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11929
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11930
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
11931
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12085
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12086
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12097
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12098
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12099
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12437
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12242
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12243
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12244
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12389
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12390
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
12436
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10852
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10853
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10816
6.5
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
10855
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft PC Manager Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Microsoft PC Manager
Microsoft
Yes
CVE-2025-21322
Improper Link Resolution Before File Access ('Link Following')
12441
Elevation of Privilege
12441
Important
12441
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12441
Release Notes
https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US
12441
Maybe
Security Update
3.15.4.0
https://apps.microsoft.com/detail/9pm860492szd?hl=en-us&gl=US
12441
Release Notes
AshLc
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Core Messaging Elevation of Privileges Vulnerability
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows DWM Core Library
Microsoft
Yes
CVE-2025-21414
Heap-based Buffer Overflow
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.0
6.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
YanZiShuang@BigCJTeam of cyberkl
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Windows Installer Elevation of Privilege Vulnerability
<p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p>
<p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p>
Windows Installer
Microsoft
Yes
CVE-2025-21373
Improper Link Resolution Before File Access ('Link Following')
11568
11569
11571
11572
11923
11924
11929
11930
11931
12085
12086
12097
12098
12099
12437
12242
12243
12244
12389
12390
12436
10729
10735
10852
10853
10816
10855
9312
10287
9318
9344
10051
10049
10378
10379
10483
10543
Elevation of Privilege
11568
Elevation of Privilege
11569
Elevation of Privilege
11571
Elevation of Privilege
11572
Elevation of Privilege
11923
Elevation of Privilege
11924
Elevation of Privilege
11929
Elevation of Privilege
11930
Elevation of Privilege
11931
Elevation of Privilege
12085
Elevation of Privilege
12086
Elevation of Privilege
12097
Elevation of Privilege
12098
Elevation of Privilege
12099
Elevation of Privilege
12437
Elevation of Privilege
12242
Elevation of Privilege
12243
Elevation of Privilege
12244
Elevation of Privilege
12389
Elevation of Privilege
12390
Elevation of Privilege
12436
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10852
Elevation of Privilege
10853
Elevation of Privilege
10816
Elevation of Privilege
10855
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
11568
Important
11569
Important
11571
Important
11572
Important
11923
Important
11924
Important
11929
Important
11930
Important
11931
Important
12085
Important
12086
Important
12097
Important
12098
Important
12099
Important
12437
Important
12242
Important
12243
Important
12244
Important
12389
Important
12390
Important
12436
Important
10729
Important
10735
Important
10852
Important
10853
Important
10816
Important
10855
Important
9312
Important
10287
Important
9318
Important
9344
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11568
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11569
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11571
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11572
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11923
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11924
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11929
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11930
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
11931
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12085
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12086
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12097
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12098
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12099
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12437
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12242
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12243
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12244
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12389
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12390
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12436
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10729
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10735
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10852
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10853
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10816
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10855
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9312
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10287
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9318
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
9344
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10051
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10049
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10378
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10379
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10483
7.8
6.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
10543
5052000
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052000
5050008
11568
11569
11571
11572
Yes
Security Update
10.0.17763.6893
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5052000
5052000
https://support.microsoft.com/help/5052000
11568
11569
11571
11572
5051979
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051979
5049983
11923
11924
Yes
Security Update
10.0.20348.3207
https://support.microsoft.com/help/5051979
11923
11924
5051979
5051979
https://support.microsoft.com/help/5051979
11923
11924
5052106
11923
11924
Yes
SecurityHotpatchUpdate
10.0.20348.3148
https://support.microsoft.com/help/5052106
11923
11924
5052106
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
11929
11930
11931
Yes
Security Update
10.0.19044.5487
https://support.microsoft.com/help/5051974
11929
11930
11931
5051974
5051974
https://support.microsoft.com/help/5051974
11929
11930
11931
12097
12098
12099
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12085
12086
Yes
Security Update
10.0.22621.4890
https://support.microsoft.com/help/5051989
12085
12086
5051989
5051989
https://support.microsoft.com/help/5051989
12085
12086
12242
12243
5051974
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051974
5049981
12097
12098
12099
Yes
Security Update
10.0.19045.5487
https://support.microsoft.com/help/5051974
12097
12098
12099
5051974
5051987
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051987
5050009
12437
12389
12390
12436
Yes
Security Update
10.0.26100.3194
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5051987
5051987
https://support.microsoft.com/help/5051987
12437
12389
12390
12436
5052105
12437
12389
12390
12436
Yes
SecurityHotpatchUpdate
10.0.26100.3107
https://support.microsoft.com/help/5052105
12437
12389
12390
12436
5052105
5051989
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051989
5050021
12242
12243
Yes
Security Update
10.0.22631.4890
https://support.microsoft.com/help/5051989
12242
12243
5051989
5051980
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5051980
5049984
12244
Yes
Security Update
10.0.25398.1425
https://support.microsoft.com/help/5051980
12244
5051980
5051980
https://support.microsoft.com/help/5051980
12244
5052040
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052040
5050013
10729
10735
Yes
Security Update
10.0.10240.20915
https://support.microsoft.com/help/5052040
10729
10735
5052040
5052006
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052006
5049993
10852
10853
10816
10855
Yes
Security Update
10.0.14393.7785
https://support.microsoft.com/help/5052006
10852
10853
10816
10855
5052006
5052038
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052038
5050063
9312
10287
9318
9344
Yes
Monthly Rollup
6.0.6003.23117
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052038
5052038
https://support.microsoft.com/help/5052038
9312
10287
9318
9344
5052072
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052072
9312
10287
9318
9344
Yes
Security Only
6.0.6003.23117
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052072
5052072
https://support.microsoft.com/help/5052072
9312
10287
9318
9344
5052016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052016
5050049
10051
10049
Yes
Monthly Rollup
6.1.7601.27566
https://support.microsoft.com/help/5052016
10051
10049
5052016
5052032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052032
10051
10049
Yes
Security Only
6.1.7601.27566
https://support.microsoft.com/help/5052032
10051
10049
5052032
5052020
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052020
5050004
10378
10379
Yes
Monthly Rollup
6.2.9200.25317
https://support.microsoft.com/help/5052020
10378
10379
5052020
5052042
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5052042
5050048
10483
10543
Yes
Monthly Rollup
6.3.9600.22417
https://support.microsoft.com/help/5052042
10483
10543
5052042
<a href="https://twitter.com/thezdi">Simon Zuckerbraun</a> with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
<p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p>
<p>An authorized attacker with standard user privileges could place a malicious file on the machine running Visual Studio Code and then wait for the privileged victim to use certain JavaScript debugger functionality.</p>
<p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p>
<p>The attacker would gain the rights of the user that is running the affected application.</p>
Visual Studio Code
Microsoft
Yes
CVE-2025-24042
Improper Access Control
12481
Elevation of Privilege
12481
Important
12481
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
7.3
6.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
12481
Release Notes
https://code.visualstudio.com/download
12481
Maybe
Security Update
1.97.1
https://code.visualstudio.com/updates/v1_97
12481
Release Notes
<a href="https://github.com/ycdxsb">ycdxsb</a>
1.0
2025-02-11T08:00:00
<p>Information published.</p>
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.69</td>
<td>2/14/2025</td>
<td>133.0.6943.98/.99</td>
</tr>
</tbody>
</table>
<p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p>
<p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p>
<p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p>
<p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p>
<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>
<p>An attacker who succesfully exploited this could bypass a user gesture requirement.</p>
<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>
<p>An attacker must send a user a malicious Office file and convince them to open it.</p>
Microsoft Edge (Chromium-based)
Microsoft
Yes
CVE-2025-21401
URL Redirection to Untrusted Site ('Open Redirect')
11655
11655
11655
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
4.5
3.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
11655
Release Notes
11655
No
Security Update
133.0.3065.69
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
<a href="https://www.linkedin.com/in/mohd-huzaifa-519a262a4">Mohd Huzaifa</a>
findbug
1.0
2025-02-13T08:00:00
<p>Information published.</p>
1.1
2025-02-21T08:00:00
<p>Updated acknowledgment. This is an informational change only.</p>
Microsoft Bing Remote Code Execution Vulnerability
<p>Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network</p>
<p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p>
<p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p>
<p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p>
Microsoft Bing
Microsoft
No
CVE-2025-21355
Missing Authentication for Critical Function
12500
Remote Code Execution
12500
Critical
12500
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A
8.6
7.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
12500
nicolas joly
1.0
2025-02-19T08:00:00
<p>Information published.</p>
Microsoft Power Pages Elevation of Privilege Vulnerability
<p>An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.</p>
<p>This vulnerability <strong>has already been mitigated in the service</strong> and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.</p>
Microsoft Power Pages
Microsoft
Yes
CVE-2025-24989
Improper Access Control
12497
Elevation of Privilege
12497
Critical
12497
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
8.2
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C
12497
Raj Kumar with Microsoft
1.0
2025-02-19T08:00:00
<p>Information published.</p>
1.1
2025-02-21T08:00:00
<p>Fixed a typographical error. This is an information change only.</p>
Chromium: CVE-2025-0999 Heap buffer overflow in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.82</td>
<td>2/21/2025</td>
<td>133.0.6943.126/.127</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-0999
11655
11655
11655
Release Notes
11655
No
Security Update
133.0.3065.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-02-21T08:00:38
<p>Information published.</p>
Chromium: CVE-2025-1006 Use after free in Network
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.82</td>
<td>2/21/2025</td>
<td>133.0.6943.126/.127</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-1426
11655
11655
11655
Release Notes
11655
No
Security Update
133.0.3065.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-02-21T08:00:43
<p>Information published.</p>
Chromium: CVE-2025-1426 Heap buffer overflow in GPU
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.82</td>
<td>2/21/2025</td>
<td>133.0.6943.126/.127</td>
</tr>
</tbody>
</table>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-1006
11655
11655
11655
Release Notes
11655
No
Security Update
133.0.3065.82
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-02-21T08:00:46
<p>Information published.</p>
Chromium: CVE -2025-0998 Out of bounds memory access in V8
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>
<p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p>
<p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p>
<p><strong>How can I see the version of the browser?</strong></p>
<ol>
<li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li>
<li>Click on <strong>Help and Feedback</strong></li>
<li>Click on <strong>About Microsoft Edge</strong></li>
</ol>
<p><strong>What is the version information for this release?</strong></p>
<table>
<thead>
<tr>
<th>Microsoft Edge Version</th>
<th>Date Released</th>
<th>Based on Chromium Version</th>
</tr>
</thead>
<tbody>
<tr>
<td>133.0.3065.69</td>
<td>2/14/2025</td>
<td>133.0.6943.98/.99</td>
</tr>
</tbody>
</table>
Microsoft Edge (Chromium-based)
Chrome
Yes
CVE-2025-0998
11655
11655
11655
Release Notes
11655
No
Security Update
133.0.3065.69
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
11655
Release Notes
1.0
2025-02-14T08:00:09
<p>Information published.</p>